
Pests of all kinds and how to fight them: White screen virus, safe mode starts and immediately shuts down


26.04.2013, 21:52   #1
drummy
 



Hello everyone,

I have the white screen virus and can't get rid of it; the data on the computer is very important to me.

I also can't start safe mode; the PC shuts down immediately.

Safe mode with command prompt works.

Does anyone have an idea?

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2013 03
Ran by SYSTEM on 26-04-2013 23:16:10
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2226280 2011-06-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
HKU\Dienstleistungen\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
HKU\Dienstleistungen\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\Dienstleistungen\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-21] (PC Utilities Pro)
HKU\Dienstleistungen\...\Run: [GoogleChromeAutoLaunch_16D39EE45B44C3ADD23B6D558920E4B8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)
HKU\Dienstleistungen\...\Policies\system: [] 
HKU\Dienstleistungen\...\Policies\system: [DisableRegedit] 1
HKU\Dienstleistungen\...\Winlogon: [Shell] explorer.exe,C:\Users\Dienstleistungen\AppData\Roaming\skype.dat [87040 2011-11-16] ()
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-06-08] (NVIDIA Corporation)
Startup: C:ProgramData\Start Menu\Programs\Startup\ACCU-CHEK® 360° – Automatische Erkennung.lnk
ShortcutTarget: ACCU-CHEK® 360° – Automatische Erkennung.lnk -> C:\windows\system32\config\systemprofile\Desktop\ACCU-CHEK 360\Application\ApplicationMain.exe (No File)
Startup: C:ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) =================

S2 4game-service; C:\Program Files (x86)\4game\4game-service.exe [935288 2012-12-06] (Innova Co S.a r.l.)
S2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [619472 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 ASUS InstantOn; C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [64128 2011-06-02] (ASUS)
S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
S2 MSSQL$ACCUCHEK360; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2012-11-10] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-10] (Splashtop Inc.)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-09-02] ()
S2 WebOptimizer; C:\Windows\system32\dmwu.exe [1259888 2012-09-13] ()
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [16768 2011-02-25] (ASUSTek Computer Inc.)
S3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114168 2012-11-13] (Avira GmbH)
S1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [140936 2012-11-13] (Avira GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-14] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-14] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-11-29] (Avira GmbH)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-31] (Duplex Secure Ltd.)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-26 23:16 - 2013-04-26 23:16 - 00000000 ____D C:\FRST
2013-04-26 12:53 - 2013-04-26 12:53 - 00003224 ____N C:\bootsqm.dat
2013-04-26 08:34 - 2013-04-26 12:54 - 00000004 ____A C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
2013-04-24 02:25 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-22 08:01 - 2013-04-22 08:01 - 00788264 ____A (SetupManager) C:\Users\Dienstleistungen\Downloads\Firefox_setup.exe
2013-04-14 16:46 - 2013-04-14 16:46 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-04-13 15:00 - 2013-04-26 12:53 - 00003565 ____A C:\Windows\setupact.log
2013-04-13 15:00 - 2013-04-13 15:00 - 00000000 ____A C:\Windows\setuperr.log
2013-04-10 22:49 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 22:49 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 22:49 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 22:49 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 22:49 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 22:49 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-10 22:49 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 22:49 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 22:49 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 22:49 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-10 22:49 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-10 22:49 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 22:49 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 22:49 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 22:49 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 22:49 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 22:49 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 22:49 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 22:49 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 22:49 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 22:49 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 22:49 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-10 22:49 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 22:49 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 22:49 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 22:49 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-10 22:49 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-10 22:49 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 22:49 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 22:49 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 22:49 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 22:49 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 04:40 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 04:40 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 04:40 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 04:40 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 04:40 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 04:40 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 04:39 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 04:39 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 04:39 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 04:39 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 04:39 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 04:39 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 04:39 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 04:39 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-04 05:54 - 2013-04-04 05:55 - 00000000 ____D C:\Users\Dienstleistungen\AppData\Local\{03D45E47-FCC5-4D74-8D2A-30444A99D6FC}
2013-04-03 11:32 - 2013-04-03 11:32 - 00000000 ____D C:\Users\Dienstleistungen\AppData\Local\{0D1721E4-D432-46A8-AF7C-45BC6CA87DC5}
2013-03-30 07:55 - 2013-03-30 07:55 - 00062867 ____A C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
2013-03-30 07:55 - 2013-03-30 07:55 - 00000000 ____D C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail-Dateien
2013-03-30 05:10 - 2013-03-30 05:11 - 00890696 ____A C:\Windows\Minidump\033013-21028-01.dmp

==================== One Month Modified Files and Folders =======

2013-04-26 23:16 - 2013-04-26 23:16 - 00000000 ____D C:\FRST
2013-04-26 12:59 - 2011-02-18 20:24 - 00712900 ____A C:\Windows\System32\perfh007.dat
2013-04-26 12:59 - 2011-02-18 20:24 - 00152106 ____A C:\Windows\System32\perfc007.dat
2013-04-26 12:59 - 2009-07-13 21:13 - 01663838 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-26 12:54 - 2013-04-26 08:34 - 00000004 ____A C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
2013-04-26 12:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-26 12:53 - 2013-04-26 12:53 - 00003224 ____N C:\bootsqm.dat
2013-04-26 12:53 - 2013-04-13 15:00 - 00003565 ____A C:\Windows\setupact.log
2013-04-26 12:20 - 2011-08-05 13:56 - 01803088 ____A C:\Windows\WindowsUpdate.log
2013-04-26 12:17 - 2011-08-05 14:33 - 00000012 ____H C:\dvmexp.idx
2013-04-26 12:17 - 2011-08-05 14:08 - 00000000 ____D C:ProgramData\NVIDIA
2013-04-26 11:16 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-26 11:16 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-26 10:27 - 2013-01-09 15:49 - 00000428 ___AH C:\Windows\Tasks\OptimizerProUpdaterTask{796F4199-9CB6-4650-A45D-8293855330C6}.job
2013-04-26 10:27 - 2013-01-09 15:49 - 00000400 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-26 10:09 - 2012-06-20 23:45 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-26 10:09 - 2011-08-05 14:25 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2013-04-26 09:45 - 2012-07-12 08:49 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-26 09:13 - 2012-06-20 23:45 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-26 08:36 - 2013-03-14 08:36 - 00000000 ____D C:ProgramData\BrowserProtect
2013-04-26 08:36 - 2012-04-26 03:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-26 08:36 - 2011-04-12 17:39 - 00540362 ____A C:\Windows\PFRO.log
2013-04-25 17:17 - 2011-04-12 17:38 - 00000000 ____A C:\Windows\AsFac.log
2013-04-25 02:53 - 2011-12-27 00:34 - 00000000 __SHD C:\Users\Dienstleistungen\AppData\Roaming\.#
2013-04-25 02:46 - 2013-03-08 03:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-22 08:27 - 2011-12-31 06:52 - 00000000 ____D C:\Program Files (x86)\Opera
2013-04-22 08:03 - 2011-11-29 11:08 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-04-22 08:01 - 2013-04-22 08:01 - 00788264 ____A (SetupManager) C:\Users\Dienstleistungen\Downloads\Firefox_setup.exe
2013-04-15 10:50 - 2012-04-27 09:01 - 00000000 ____D C:\Users\Dienstleistungen\AppData\Roaming\vlc
2013-04-14 16:46 - 2013-04-14 16:46 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-04-13 15:00 - 2013-04-13 15:00 - 00000000 ____A C:\Windows\setuperr.log
2013-04-12 06:45 - 2013-04-24 02:25 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 14:13 - 2012-06-20 23:52 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-11 03:15 - 2009-07-13 20:45 - 00500200 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 22:51 - 2011-12-06 04:07 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 22:50 - 2011-12-26 06:58 - 00000000 ____D C:ProgramData\Microsoft Help
2013-04-10 07:09 - 2013-01-13 08:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-04-04 05:55 - 2013-04-04 05:54 - 00000000 ____D C:\Users\Dienstleistungen\AppData\Local\{03D45E47-FCC5-4D74-8D2A-30444A99D6FC}
2013-04-03 11:32 - 2013-04-03 11:32 - 00000000 ____D C:\Users\Dienstleistungen\AppData\Local\{0D1721E4-D432-46A8-AF7C-45BC6CA87DC5}
2013-03-30 07:55 - 2013-03-30 07:55 - 00062867 ____A C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
2013-03-30 07:55 - 2013-03-30 07:55 - 00000000 ____D C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail-Dateien
2013-03-30 05:11 - 2013-03-30 05:10 - 00890696 ____A C:\Windows\Minidump\033013-21028-01.dmp
2013-03-30 05:10 - 2012-01-10 06:46 - 753354787 ____A C:\Windows\MEMORY.DMP
2013-03-30 05:10 - 2012-01-10 06:46 - 00000000 ____D C:\Windows\Minidump

Other Malware:
===========
C:\Users\Dienstleistungen\AppData\Roaming\skype.dat
C:\Users\Dienstleistungen\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-22 18:00:46
Restore point made on: 2013-04-06 07:26:50
Restore point made on: 2013-04-10 22:48:49
Restore point made on: 2013-04-22 10:31:49
Restore point made on: 2013-04-24 21:30:34

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8102.07 MB
Available physical RAM: 7307.89 MB
Total Pagefile: 8100.21 MB
Available Pagefile: 7305.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:300 GB) (Free:217.56 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:373.63 GB) (Free:299.15 GB) NTFS (Disk=0 Partition=3)
Drive e: (SDATA1) (Fixed) (Total:349.32 GB) (Free:303.11 GB) NTFS (Disk=1 Partition=1)
Drive f: (SDATA2) (Fixed) (Total:349.31 GB) (Free:347.49 GB) NTFS (Disk=1 Partition=2)
Drive h: () (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB  1024 KB         
  Disk 1    Online          698 GB  6144 KB         
  Disk 2    Online          961 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: EF24B474

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             25 GB  1024 KB
  Partition 2    Primary            300 GB    25 GB
  Partition 0    Extended           373 GB   325 GB
  Partition 3    Logical            373 GB   325 GB

==================================================================================

Disk: 0
Partition 1
Type  : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    300 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition    373 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: B376373B

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 0    Extended           698 GB  8032 KB
  Partition 1    Logical            349 GB  8064 KB
  Partition 2    Logical            349 GB   349 GB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   SDATA1       NTFS   Partition    349 GB  Healthy            

=========================================================

Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   SDATA2       NTFS   Partition    349 GB  Healthy            

=========================================================

Partitions of Disk 2:
===============

Disk ID: 77287886

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            960 MB   364 KB

==================================================================================

Disk: 2
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT    Removable    960 MB  Healthy            

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: EF24B474)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=300 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=374 GB) - (Type=OF) (Extended)

====================================================================
Disk: 1 (Size: 699 GB) (Disk ID: B376373B)
Partition 1: (Not Active) - (Size=699 GB) - (Type=OF) (Extended)

====================================================================
Disk: 2 (Size: 961 MB) (Disk ID: 77287886)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)


Last Boot: 2013-04-25 01:41

==================== End Of Log ============================
         
Regards
Drummy

Edited by drummy (26.04.2013 at 22:20). Reason: Frst.txt added

26.04.2013, 22:18   #2
aharonov
/// TB instructor
 



Hi,

Quote:
Safe mode with command prompt works.
Does anyone have an idea?

Yes, I do.


Step 1

On a second computer, please download OTL (by OldTimer) and save it to a USB stick (not in a subfolder!).
  • Now connect this USB stick to the infected computer.
  • Start the infected computer in safe mode with command prompt. (Instructions)
  • At the command line, type notepad and press Enter.
    • A text document opens. Click File -> Save As and select Computer.
    • Read off the drive letter of your USB stick here (e.g. e:\).
    • Close Notepad again.
  • Now please enter the following command at the command line and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
    The OTL window should now open.
  • Under Extra Registry, please select Use SafeList.
  • Check the box next to Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 log files (OTL.txt and Extras.txt) are displayed and saved to the USB stick.
  • On the second computer, please post the contents of these log files here in the thread.



Please post in your next reply:
  • Logs from OTL

26.04.2013, 22:36   #3
drummy
 



Hello, thanks for the quick reply.

Here are the files (I also added the frst.txt to the first post, in case that helps)

Code:
OTL logfile created on: 26.04.2013 23:25:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 7,26 Gb Available Physical Memory | 91,78% Memory free
15,82 Gb Paging File | 15,19 Gb Available in Paging File | 96,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 217,56 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
Drive D: | 373,63 Gb Total Space | 299,15 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 303,11 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive F: | 349,31 Gb Total Space | 347,49 Gb Free Space | 99,48% Space Free | Partition Type: NTFS
Drive H: | 960,39 Mb Total Space | 885,61 Mb Free Space | 92,21% Space Free | Partition Type: FAT
 
Computer Name: ROSIN | User Name: Dienstleistungen | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 23:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013.01.28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.04.18 14:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:45:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.06 16:50:44 | 000,935,288 | ---- | M] (Innova Co S.a r.l.) [Auto | Stopped] -- C:\Program Files (x86)\4game\4game-service.exe -- (4game-service)
SRV - [2012.11.10 11:59:02 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.14 15:52:04 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:52:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 15:52:04 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:52:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 15:52:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.02 23:11:06 | 000,064,128 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.05.27 17:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.11 00:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.01.15 00:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010.11.20 14:21:38 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.13 00:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.11.13 10:34:36 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.11.13 10:34:36 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 15:52:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 15:52:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.31 19:14:19 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.11.29 21:23:02 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.09 05:24:50 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.24 15:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.03.24 15:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.26 02:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.01.27 19:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 19:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.07 09:30:00 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.03 06:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={359216DD-A5DE-4266-953E-9AFB16723869}
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={359216DD-A5DE-4266-953E-9AFB16723869}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&tt=070312_xn2&babsrc=HP_ss&mntrId=2676BC77372B4522
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848&SSPV=TB_IEOB25
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes,DefaultScope = {FC370D95-A24F-4BBC-820B-4A0796C7F42C}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=070312_xn2&babsrc=SP_ss&mntrId=2676BC77372B4522
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{74F917E6-EBA6-4D1B-A72E-6C3F9BA8CAD2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=665cb7f8-6ab4-463f-bcf3-7e8a04717a8a&apn_sauid=D7A558BA-7F58-4B37-A6DA-A8EC53F653A1
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQHDdKVJu&i=26
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={359216DD-A5DE-4266-953E-9AFB16723869}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{FC370D95-A24F-4BBC-820B-4A0796C7F42C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=TB_IEOB25
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3272810.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US New E1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=3&q={searchTerms}&CUI=UN94487078675173088"
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: %7B72a0f495-ba60-4524-827b-b36b8c18587a%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN54578005321058935&UM=&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "80.82.145.52"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "80.82.145.52"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "80.82.145.52"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "80.82.145.52"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.17 17:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 16:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011.12.31 20:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.01.02 04:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.17 17:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.13 18:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 12:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.04.25 17:19:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 12:46:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:41:04 | 000,000,000 | ---D | M]
 
[2011.11.29 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Extensions
[2013.04.21 10:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions
[2013.04.18 14:58:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.04.21 10:48:27 | 000,000,000 | ---D | M] (WhiteSmoke US New E1) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
[2013.02.18 20:10:44 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2013.03.14 18:37:55 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\amo@dealplyshopping.com
[2013.03.14 18:36:01 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\ffxtlbr@delta.com
[2012.08.25 15:56:52 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\ffxtlbr@incredibar.com
[2013.01.21 21:59:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\toolbar@ask.com
[2013.03.23 21:59:35 | 000,502,957 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\toolbar@gmx.net.xpi
[2012.12.11 22:24:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.08 13:49:09 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.03.23 21:59:40 | 000,001,050 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\11-suche.xml
[2013.01.21 21:59:14 | 000,002,335 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\askcom.xml
[2013.03.14 18:36:04 | 000,001,294 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\delta.xml
[2013.03.14 18:38:30 | 000,001,064 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.03.23 21:59:40 | 000,002,418 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\englische-ergebnisse.xml
[2013.03.23 21:59:40 | 000,010,701 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\gmx-suche.xml
[2013.03.23 21:59:40 | 000,002,432 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\lastminute.xml
[2012.08.25 15:56:30 | 000,002,203 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\MyStart Search.xml
[2012.09.24 17:01:04 | 000,003,915 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\sweetim.xml
[2013.03.23 21:59:40 | 000,005,682 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\webde-suche.xml
[2013.04.22 18:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.25 12:46:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.25 12:46:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.25 12:46:14 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta (Enabled)
CHR - default_search_provider: search_url = hxxp://www.search.delta-search.com/?q={searchTerms}&affID=119370&tt=070312_xn2&babsrc=SP_ss_d2sg&mntrId=2676BC77372B4522
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.search.delta-search.com/?affID=119370&tt=070312_xn2&babsrc=HP_ss_d2sg&mntrId=2676BC77372B4522
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: PriceGong = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: YouTube = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Assistant = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\
CHR - Extension: Delta Toolbar = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: DealPly Shopping = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [GoogleChromeAutoLaunch_16D39EE45B44C3ADD23B6D558920E4B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B97F4189-3125-4A03-85C9-0A45DC37C442}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F34C148C-A214-4197-AB6E-59B6E6C475D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001 Winlogon: Shell - (C:\Users\Dienstleistungen\AppData\Roaming\skype.dat) - C:\Users\Dienstleistungen\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c4a9521-33d3-11e1-a765-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c4a9521-33d3-11e1-a765-806e6f6e6963}\Shell\AutoRun\command - "" = I:\noautorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 09:16:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.15 02:46:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Silag_prefs
[2013.04.11 08:49:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 08:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 08:49:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 08:49:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 08:49:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 08:49:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 08:49:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 08:49:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 08:49:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 08:49:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 08:49:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 08:49:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 08:49:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 08:49:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 08:49:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 14:40:03 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 14:40:03 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 14:40:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 14:40:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 14:40:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 14:40:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 14:39:54 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 14:39:53 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 14:39:53 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 14:39:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 14:39:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 14:39:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.04 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{03D45E47-FCC5-4D74-8D2A-30444A99D6FC}
[2013.04.03 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{0D1721E4-D432-46A8-AF7C-45BC6CA87DC5}
[2013.03.30 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 23:29:26 | 001,663,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 23:29:26 | 000,712,900 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 23:29:26 | 000,674,782 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 23:29:26 | 000,152,106 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 23:29:26 | 000,128,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 23:23:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 23:22:58 | 2076,753,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 22:54:37 | 000,000,004 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
[2013.04.26 22:53:00 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013.04.26 22:17:41 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013.04.26 21:16:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 21:16:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 20:27:19 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{796F4199-9CB6-4650-A45D-8293855330C6}.job
[2013.04.26 20:27:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.04.26 20:09:59 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013.04.26 20:09:22 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 19:13:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:08:38 | 000,022,879 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.22 18:03:03 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.17 17:48:29 | 001,309,906 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.04.12 00:13:58 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.11 13:15:37 | 000,500,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.30 17:55:44 | 000,062,867 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.30 15:10:53 | 753,354,787 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.04.26 22:53:00 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013.04.26 18:34:21 | 000,000,004 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
[2013.04.26 16:08:38 | 000,022,879 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.17 17:48:29 | 001,309,906 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.03.30 17:55:43 | 000,062,867 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.20 00:11:08 | 000,114,176 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\BabMaint.exe
[2013.03.07 16:23:51 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.11.10 11:59:34 | 000,233,960 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 11:59:02 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.10 00:39:20 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.11 13:23:39 | 000,087,040 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.dat
[2012.01.01 12:17:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.01.01 10:41:46 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.06 14:41:51 | 001,558,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.06 00:25:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.08.06 00:10:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.12 10:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.12 10:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.12 10:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.12 10:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.12 10:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.12 10:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.05.11 00:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.03.09 15:22:42 | 003,230,253 | ---- | C] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
[2012.09.08 16:59:24 | 000,013,997 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.09.08 16:59:23 | 000,013,997 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.04.10 00:24:06 | 000,336,320 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:24:05 | 000,336,320 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:23:21 | 000,042,292 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2012.04.10 00:23:20 | 000,042,292 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2006.03.23 14:38:58 | 003,230,253 | ---- | M] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
         

26.04.2013, 22:38   #4
drummy
 



Code:
OTL Extras logfile created on: 26.04.2013 23:25:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 7,26 Gb Available Physical Memory | 91,78% Memory free
15,82 Gb Paging File | 15,19 Gb Available in Paging File | 96,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 217,56 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
Drive D: | 373,63 Gb Total Space | 299,15 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 303,11 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive F: | 349,31 Gb Total Space | 347,49 Gb Free Space | 99,48% Space Free | Partition Type: NTFS
Drive H: | 960,39 Mb Total Space | 885,61 Mb Free Space | 92,21% Space Free | Partition Type: FAT
 
Computer Name: ROSIN | User Name: Dienstleistungen | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045654C1-2274-4375-8793-C3655DEA0FA0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0BB02343-C9A5-439B-9C09-FE4B8222D4D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23416F2F-232F-40EB-B77C-48CA0A199507}" = rport=137 | protocol=17 | dir=out | app=system | 
"{459C01C7-3C2D-424A-B52D-2E52A5070B2D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{6BE1AD4E-AADD-470E-AB36-F0018768059E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6F9B0782-10D3-42B4-ACBC-29C7C67456EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7FBCEB59-5188-4FB6-A082-586DEB93DB95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9D939DD7-9B34-4AB6-962A-E08C339B8069}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{AA317511-2498-4B4A-B42D-97A34435ED52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF1179FC-A910-47B6-B217-4488ECEBBF2B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C5970469-7B7D-4C08-B1CD-E434DD478D61}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D4132E13-8F1F-4FC8-98C2-FAC98706CDE9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA022F85-01C0-42FC-BBAE-0CA758961DF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7177E08-9C70-4443-A361-8D409703937E}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024080AA-DD85-44D2-B779-A2CC54CAD990}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{0264C2AD-9DC8-488E-93C4-0F2162C8112B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0270BE3F-0A86-44B8-958A-C47FE148ABB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{0309F960-BC80-493A-9281-B7C91CF601C4}" = protocol=17 | dir=in | app=g:\installer\hpbcsiinstaller.exe | 
"{081D9C72-38DD-424E-A2BE-D352AE47A9C3}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{09B6FAFB-C1A1-4592-8176-C3C9D278090E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0D84DAC9-9997-4C56-84A9-6E6C7E8C82B8}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{124B710D-8138-4233-B605-02D9913A811B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{129D1C68-56FB-4D86-A197-88CEB8C890F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1F986169-6819-4FF6-B2C4-1AC75671EDE7}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2F60596C-1F17-4B87-9FC8-F981BF0430B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{32642023-11AE-482C-AD8C-CF7FD30C60A2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{4A2C44AB-B1AF-490E-B92A-D1EE5C7B5AB8}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4AE8441E-3FBD-413C-A3F8-66458DEB039E}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4FE88E95-D876-41C3-9B7E-03837203A059}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\0ef0ea0d-f945-4958-85cc-60ff1e86d216\installer\hpbcsiinstaller.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{54B28015-BE8F-4270-A551-F84A459C4265}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5678292A-EF3F-4C25-8DBE-0D6FC9BFCE7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5DE24501-A597-42D4-9D24-15A125F469A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6486891B-D86B-4D52-B139-2949F074E106}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{659B7659-565B-4079-A9F3-E928E49F33A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6B8FBFB3-BDBA-4C69-89E9-1AF03622C198}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{7BAFB89B-9DA7-4809-956F-B32D2AAF58D6}" = protocol=6 | dir=in | app=g:\installer\hpbcsiinstaller.exe | 
"{7D1125C6-C93C-44FD-A197-91E4C48A92FF}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\0ef0ea0d-f945-4958-85cc-60ff1e86d216\installer\hpbcsiinstaller.exe | 
"{7D734AD0-C2A9-4481-98FB-D9A9CE2B2C53}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{7F0DB1A1-6622-4928-A2DD-9347F914BEF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8738863C-1545-4C67-8D5C-CADAD09DF6E3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8CF8559D-4501-4E6A-8185-1848A189EF11}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{8D2A8C66-0177-4C3B-8C31-A7CB224CA984}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9653B6D5-D11C-4DD6-9198-5F4A00517AD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9E45CEBB-7E1D-45E7-8C4A-5A899FCB7CC1}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{A6FBE238-04A4-4FB2-8A56-63FEC016F506}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ADA5DEE4-1712-49F8-AC9B-24605BE2A001}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B1DD2966-567C-4C65-99AF-7A2856EA30FA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{BA1471B4-2882-48F1-9B85-86AABC3F0AC6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{EB36BB10-24C7-4087-B1B4-37D2CDAB253B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{ECA0A80E-7D21-46AC-9B2B-CBD5734CA092}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F91D34BE-A267-4CBE-9A3F-2C6F36DE4BFC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9C807F9-5F9C-448D-AFBB-CB85982FAE16}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{FDC2DBE6-C21C-49B1-AD88-13F22F8C0E67}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{FF996885-7FDA-4C92-B122-C1CC9A4FF0FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5677B005-B609-4B5B-9F3C-132BB085D3CF}" = Microsoft SQL Server Management Objects Collection 
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.74
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OptimizerPro" = OptimizerPro
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{07397706-FA6E-43EC-AF96-C2233FB4F896}" = NimoFilm2.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACCUCHEK360)
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3AF6EF15-5841-4FF8-A3FC-5B2400AB9145}" = Borland Data Engine
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4083807-2479-447E-807A-7F23A80D1B3E}" = ACCU-CHEK 360°
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"4game" = 4game
"4game_pointblank" = PointBlank
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_N5_En" = AsusScr_N5_En
"Avira AntiVir Desktop" = Avira Internet Security 2012
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly (remove only)
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{F4083807-2479-447E-807A-7F23A80D1B3E}" = ACCU-CHEK 360°
"IsoBuster_is1" = IsoBuster 3.0
"MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mini-KMS Auto Activation Tool 1.13" = mini-KMS Auto Activation Tool 1.13
"MiPony" = MiPony 2.0.2
"Movavi Video Converter 12" = Movavi Video Converter 12
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 12.15.1748" = Opera 12.15
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PriceGong" = PriceGong 2.6.4
"ProInst" = Intel PROSet Wireless
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Video Downloader" = Video Downloader
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"898157289.portal.qtrax.com" = Qtrax Player
"DealPly" = DealPly
"DSite" = Update for Mipony Download Manager
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2013 15:51:03 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 186125
 
Error - 02.01.2013 15:51:04 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.01.2013 15:51:04 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 187124
 
Error - 02.01.2013 15:51:04 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 187124
 
Error - 02.01.2013 15:51:05 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.01.2013 15:51:05 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 188138
 
Error - 02.01.2013 15:51:05 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 188138
 
Error - 02.01.2013 15:51:06 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.01.2013 15:51:06 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 189136
 
Error - 02.01.2013 15:51:06 | Computer Name = Rosin | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 189136
 
[ System Events ]
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary 
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2013 17:23:11 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2013 17:23:12 | Computer Name = Rosin | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  ATKWMIACPIIO  avfwot  avipbb  avkmgr  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr
sptd
tdx
tmtdi
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
 
Error - 26.04.2013 17:25:12 | Computer Name = Rosin | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

27.04.2013, 00:26   #5
aharonov
/// TB Trainer
 



Hello,

yes, FRST would have been usable too. But when I wrote my reply I hadn't seen the log (or rather, you hadn't posted it yet). Let's continue with OTL.
Step 1 unlocks the computer. Then carry out the remaining steps in normal mode again.


Step 1

First create the fix script on a second computer:
  • To do this, press the Windows key + R, type "notepad" into the Run window and press OK.
  • Now copy the following text from the code box into the empty text document:
    (Important: if you have obscured your user name in the log (e.g. with ***), undo that here.)
    Code:
    :OTL
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:373E1720
    O20 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001 Winlogon: Shell - (C:\Users\Dienstleistungen\AppData\Roaming\skype.dat)
    [2013.04.26 18:34:21 | 000,000,004 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
    
    :commands
    [emptytemp]
             
  • Then save the file as fix.txt on the USB stick where OTL.exe is located.
Then run the fix as follows:
  • Plug the USB stick back into the infected computer and start it in Safe Mode with Command Prompt.
  • Now enter the following command at the command line and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter for you, adjust the command accordingly.
    The OTL window should now open.
  • Click the Fix button.
  • Then press OK to load the fix from a file.
  • Select the fix.txt you created on the USB stick. Its contents will be inserted into the text box.
  • Now click the Fix button again.
  • OTL may ask for a restart. Please allow it.
  • After a restart, try booting into normal mode again.
  • A log file (\_OTL\MovedFiles\<time_date>.txt) should have been created in the _OTL folder on your USB stick.
  • Now copy its contents here into your thread.



Step 2

Please download defogger (by jpshortstuff) to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button.
  • Confirm the security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • If Defogger asks for a restart, confirm with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop.
  • Only if problems occurred, post its contents with your next reply.
Do not click the Re-enable button unless instructed!



Step 3

Download Gmer (press the Download EXE button) and save the program to your desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing network/Internet connections (don't forget Wi-Fi).
  • Please close all other programs.
  • Start gmer.exe (the file has a random file name).
    Vista and Win7 users: right-click and "Run as administrator".
  • If a window opens with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, uncheck:
    • IAT/EAT
    • Show all
  • On the right, check your system partition (normally C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop.
  • Then close GMER and restart the computer immediately.
  • Please paste the contents of the log file here into your thread.
Turn your antivirus program and other scanners back on before you go online.



Step 4

Move OTL.exe from the USB stick to your desktop and start it.
  • Check Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from Gmer
  • Log from OTL
__________________
cheers,
Leo
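
The fix script in the post above targets a per-user Winlogon Shell value that points at a .dat file in the user's roaming profile. The following is an added example, not part of the original thread and not code from OTL: a Python check that scans O20-style log lines for that kind of shell override. The sample lines, SID and user name are constructed, and the line layout is assumed from the O20 line in the fix script.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample lines (SID and user name are made up). The layout follows
# the O20 line in the fix script; the HKLM lines are an assumed default layout.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 Winlogon: Shell - (C:\Users\example\AppData\Roaming\skype.dat)
O20 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002 Winlogon: Shell - (explorer.exe)
"""

# The registry value sits in the first parenthesised group. The non-greedy
# match backtracks past inner parentheses such as "Program Files (x86)".
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKU\\S-[0-9-]+) Winlogon: (?P<name>\w+) - "
    r"\((?P<value>.*?)\)(?: - .*)?$"
)

# Directories a standard user can normally write to (illustrative list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


class Finding(NamedTuple):
    hive: str
    value: str
    reasons: List[str]


def check_shell_value(hive: str, value: str) -> List[str]:
    """Return the reasons a Winlogon Shell value looks suspicious (empty if none)."""
    reasons: List[str] = []
    # Shell may hold several comma-separated programs; check each one.
    for part in (p.strip().strip('"') for p in value.split(",")):
        if not part:
            continue
        base = ntpath.basename(part).lower()
        if base != "explorer.exe":
            reasons.append(f"shell component is not explorer.exe: {part}")
            if ntpath.splitext(base)[1] != ".exe":
                reasons.append(f"shell component does not have an .exe extension: {part}")
        if any(d in part.lower() for d in USER_WRITABLE):
            reasons.append(f"shell component is in a user-writable directory: {part}")
    if reasons and hive.upper().startswith("HKU"):
        # A per-user Shell value takes precedence over the machine-wide one.
        reasons.insert(0, "per-user value overrides the machine-wide shell")
    return reasons


def scan_log(text: str) -> List[Finding]:
    """Collect suspicious Winlogon Shell entries from O20-style log lines."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = O20_RE.match(line.strip())
        if not m or m.group("name").lower() != "shell":
            continue
        reasons = check_shell_value(m.group("hive"), m.group("value"))
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("value"), reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f.hive)
        print("  value:", f.value)
        for r in f.reasons:
            print("  -", r)
```
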

27.04.2013, 09:09   #6
drummy
 



Hello Leo,

OTL did not create a fix log for me :-( I tried several times. Normal boot works, the white screen is gone. I then ran the fix with OTL again; again nothing was created, and OTL crashed after a while (not responding).

I have the other two files:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-27 10:00:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB
Running: cvi50b87.exe; Driver: C:\Users\DIENST~1\AppData\Local\Temp\pxldrpod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                         00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                        000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                      00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                      00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                      00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!RegSetValueExA                                               00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                           000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                             000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                         000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                          000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                        000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\ole32.dll!CoCreateInstance                                                000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                               000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                        000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                          000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                             000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                      000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                       000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                     000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files (x86)\4game\4game-service.exe[1808] C:\Windows\syswow64\user32.dll!DialogBoxParamW                                                          00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\4game\4game-service.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\4game\4game-service.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                              00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                              00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                              00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                       00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                   000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                     000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                        000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                 000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                        000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Windows\System32\igfxpers.exe[2092] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                       000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                  000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                         00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                     000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                          000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                   000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\ole32.dll!CoCreateInstance                                                          000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                         000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                  000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                          000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                        00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                        00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                        00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                 00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                             000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                               000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                           000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2108] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                 000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                               00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                               00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                               00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\kernel32.dll!RegSetValueExA                                        00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                    000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                      000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                         000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                  000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                   000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                 000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\ole32.dll!CoCreateInstance                                         000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2124] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                        000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2272] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                   000000007787efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                 00000000778a99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                 00000000778b94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                 00000000778b9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                          00000000778da500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                      000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                        000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                           000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                    000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                     000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                   000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\ole32.dll!CoCreateInstance                                                           000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                          000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                       0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                              0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                              0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                              0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                   0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                 0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                     0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                        0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                  0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                        00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                       0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                        0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                    0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                           0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                           0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                           0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                             0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                              0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                     0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                     00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                             0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                               0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                    0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                     0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe[3040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                               0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                      0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                      0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                      0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                        0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                           0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                         0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                             0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                        0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                          0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                               0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                   0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                   0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                   0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                     0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                             0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                            0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                             0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                     0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                       0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                   0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                   0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                   0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                     0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                             0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                     0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                       0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                            0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                             0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                       0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                       0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                       0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                         0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                 0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                         0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                           0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                 0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                           0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                  0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                       0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                     0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                         0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                            00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                           0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                            0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                    0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                           0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                           0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                           0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                             0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                              0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                     0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                     00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                             0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                               0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                    0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                     0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                     0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                 0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                               0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                   0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2840] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                   0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                       0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                       0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                       0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                         0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                 0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                         0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                           0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                 00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                 0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                             0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                    0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                    0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                    0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                      0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                         0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                       0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                           0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                              0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                      0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                        0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                             0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                              0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                        00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                      0000000074701a22 2 bytes [70, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                      0000000074701ad0 2 bytes [70, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                      0000000074701b08 2 bytes [70, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                      0000000074701bba 2 bytes [70, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                      0000000074701bda 2 bytes [70, 74]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000076441465 2 bytes [44, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3352] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                            00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2476] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                         00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076441465 2 bytes [44, 76]
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\ASUS.SYS\SIONExportService.exe[3848] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\ASUS.SYS\SIONExportService.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000076441465 2 bytes [44, 76]
.text   C:\ASUS.SYS\SIONExportService.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3908] C:\Windows\syswow64\user32.dll!DialogBoxParamW                                    00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[448] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                      00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files\Web Assistant\ExtensionUpdaterService.exe[4248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files\Web Assistant\ExtensionUpdaterService.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076441465 2 bytes [44, 76]
.text   C:\Program Files\Web Assistant\ExtensionUpdaterService.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4492] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                   000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Windows\system32\wbem\unsecapp.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\ole32.dll!CoCreateInstance                                   000007fefe727490 11 bytes JMP 000007fffde60228
.text   C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[5344] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                  000007fefe73bf00 7 bytes JMP 000007fffde60260
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                     00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                       0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                       0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                       0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                         0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                 0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                         0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                           0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                0000000076b25ea5 5 bytes JMP 0000000173031ce0
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                 0000000076b59d0b 5 bytes JMP 0000000173031c70
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefde73460 7 bytes JMP 000007fffde600d8
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefde79940 6 bytes JMP 000007fffde60148
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefde79fb0 5 bytes JMP 000007fffde60180
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefde7a150 5 bytes JMP 000007fffde60110
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007feffa889e0 8 bytes JMP 000007fffde601f0
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007feffa8be40 8 bytes JMP 000007fffde601b8
.text   C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[7032] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[7032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[7032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5852] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                          00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                    00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                          00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076441465 2 bytes [44, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                         0000000076ed1429 7 bytes JMP 0000000173031e90
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                0000000076eeb223 5 bytes JMP 0000000173031da0
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                0000000076f688f4 7 bytes JMP 0000000173031d90
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                0000000076f68979 5 bytes JMP 0000000173031e80
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  0000000076f68ccf 5 bytes JMP 0000000173031e10
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                     0000000076e51d1b 5 bytes JMP 0000000173032490
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                   0000000076e51dc9 5 bytes JMP 00000001730324f0
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                       0000000076e52aa4 5 bytes JMP 0000000173032560
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000076e52d0a 5 bytes JMP 00000001730326b0
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  0000000076a1e9a2 5 bytes JMP 0000000173031a00
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    0000000076a1ebdc 5 bytes JMP 0000000173031a90
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          00000000765ecfca 5 bytes JMP 0000000173b74620
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076441465 2 bytes [44, 76]
.text   C:\Users\Dienstleistungen\Desktop\cvi50b87.exe[7136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000764414bb 2 bytes [44, 76]
.text   ...                                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread   [3476:3504]                                                                                                                                                 0000000070d4765f
Thread   [3476:3508]                                                                                                                                                 0000000070dc2695
Thread   [3476:3944]                                                                                                                                                 0000000070dc2695
Thread   [3476:2120]                                                                                                                                                 0000000077b92e25
Thread   [3476:4192]                                                                                                                                                 0000000070dc2695
Thread   [3476:4196]                                                                                                                                                 0000000070c9d454
Thread   [3476:4200]                                                                                                                                                 0000000070dc2695
Thread   [3476:4256]                                                                                                                                                 0000000070dc2695
Thread   [3476:4260]                                                                                                                                                 0000000070dc2695
Thread   [3476:4264]                                                                                                                                                 0000000070dc2695
Thread   [3476:4312]                                                                                                                                                 0000000070dc2695
Thread   [3476:4316]                                                                                                                                                 0000000070c8d6ff
Thread   [3476:4340]                                                                                                                                                 0000000070f53803
Thread   [3476:1672]                                                                                                                                                 0000000070dc2695
Thread   [3476:3172]                                                                                                                                                 0000000070dc2695
Thread   [3476:3396]                                                                                                                                                 0000000077b93e45
Thread   [3476:6540]                                                                                                                                                 0000000077b93e45
Thread   [3476:5940]                                                                                                                                                 0000000077b97111
Thread   [3476:6676]                                                                                                                                                 0000000077b93e45
Thread   [3476:5240]                                                                                                                                                 0000000070dc2695

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77372b4525                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                              178
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                          0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                          0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                       0x6D 0xB4 0x88 0xAC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                 0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                              0xD4 0x9D 0x40 0xCD ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                         0xC2 0x5D 0x13 0xE4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77372b4525 (not active ControlSet)                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                              0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                              0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                           0x6D 0xB4 0x88 0xAC ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                     0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                  0xD4 0x9D 0x40 0xCD ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                             0xC2 0x5D 0x13 0xE4 ...

---- EOF - GMER 2.1 ----
         

27.04.2013, 09:14   #7
drummy

White screen virus, safe mode starts and immediately shuts down



Code:
ATTFilter
OTL logfile created on: 27.04.2013 10:01:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dienstleistungen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,47 Gb Available Physical Memory | 69,11% Memory free
15,82 Gb Paging File | 13,49 Gb Available in Paging File | 85,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 217,26 Gb Free Space | 72,42% Space Free | Partition Type: NTFS
Drive D: | 373,63 Gb Total Space | 299,15 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 303,11 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive F: | 349,31 Gb Total Space | 347,49 Gb Free Space | 99,48% Space Free | Partition Type: NTFS
Drive H: | 960,39 Mb Total Space | 884,73 Mb Free Space | 92,12% Space Free | Partition Type: FAT
 
Computer Name: ROSIN | User Name: Dienstleistungen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 23:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
PRC - [2012.12.06 16:50:44 | 000,935,288 | ---- | M] (Innova Co S.a r.l.) -- C:\Program Files (x86)\4game\4game-service.exe
PRC - [2012.11.10 11:59:02 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.21 10:46:16 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.08.01 11:32:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.06 22:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.05.14 15:52:04 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 15:52:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 15:52:04 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:52:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 15:52:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.06.02 23:11:06 | 000,064,128 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011.05.31 19:56:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011.05.27 17:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.11 00:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\SIONExportService.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.01.15 00:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.10.25 15:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.08 12:08:35 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011.06.09 05:24:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013.01.28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.04.18 14:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:45:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.06 16:50:44 | 000,935,288 | ---- | M] (Innova Co S.a r.l.) [Auto | Running] -- C:\Program Files (x86)\4game\4game-service.exe -- (4game-service)
SRV - [2012.11.10 11:59:02 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.14 15:52:04 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:52:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 15:52:04 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:52:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 15:52:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.02 23:11:06 | 000,064,128 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.05.27 17:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.11 00:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.01.15 00:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010.11.13 00:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.11.13 10:34:36 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.11.13 10:34:36 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 15:52:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 15:52:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.29 21:23:02 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.09 05:24:50 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.24 15:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.03.24 15:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.26 02:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.01.27 19:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 19:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.07 09:30:00 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.03 06:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={359216DD-A5DE-4266-953E-9AFB16723869}
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={359216DD-A5DE-4266-953E-9AFB16723869}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&tt=070312_xn2&babsrc=HP_ss&mntrId=2676BC77372B4522
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848&SSPV=TB_IEOB25
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes,DefaultScope = {FC370D95-A24F-4BBC-820B-4A0796C7F42C}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=070312_xn2&babsrc=SP_ss&mntrId=2676BC77372B4522
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{74F917E6-EBA6-4D1B-A72E-6C3F9BA8CAD2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=665cb7f8-6ab4-463f-bcf3-7e8a04717a8a&apn_sauid=D7A558BA-7F58-4B37-A6DA-A8EC53F653A1
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQHDdKVJu&i=26
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={359216DD-A5DE-4266-953E-9AFB16723869}
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{FC370D95-A24F-4BBC-820B-4A0796C7F42C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=TB_IEOB25
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3272810.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US New E1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=3&q={searchTerms}&CUI=UN94487078675173088"
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: %7B72a0f495-ba60-4524-827b-b36b8c18587a%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN54578005321058935&UM=&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "80.82.145.52"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "80.82.145.52"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "80.82.145.52"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "80.82.145.52"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.17 17:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 16:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011.12.31 20:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.01.02 04:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.17 17:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.13 18:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 12:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.04.25 17:19:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 12:46:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:41:04 | 000,000,000 | ---D | M]
 
[2011.11.29 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Extensions
[2013.04.21 10:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions
[2013.04.18 14:58:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.04.21 10:48:27 | 000,000,000 | ---D | M] (WhiteSmoke US New E1) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
[2013.02.18 20:10:44 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2013.03.14 18:37:55 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\amo@dealplyshopping.com
[2013.03.14 18:36:01 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\ffxtlbr@delta.com
[2012.08.25 15:56:52 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\ffxtlbr@incredibar.com
[2013.01.21 21:59:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\ai9fqa58.default\extensions\toolbar@ask.com
[2013.03.23 21:59:35 | 000,502,957 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\toolbar@gmx.net.xpi
[2012.12.11 22:24:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.08 13:49:09 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.03.23 21:59:40 | 000,001,050 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\11-suche.xml
[2013.01.21 21:59:14 | 000,002,335 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\askcom.xml
[2013.03.14 18:36:04 | 000,001,294 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\delta.xml
[2013.03.14 18:38:30 | 000,001,064 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.03.23 21:59:40 | 000,002,418 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\englische-ergebnisse.xml
[2013.03.23 21:59:40 | 000,010,701 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\gmx-suche.xml
[2013.03.23 21:59:40 | 000,002,432 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\lastminute.xml
[2012.08.25 15:56:30 | 000,002,203 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\MyStart Search.xml
[2012.09.24 17:01:04 | 000,003,915 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\sweetim.xml
[2013.03.23 21:59:40 | 000,005,682 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\firefox\profiles\ai9fqa58.default\searchplugins\webde-suche.xml
[2013.04.22 18:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.25 12:46:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.25 12:46:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.25 12:46:14 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta (Enabled)
CHR - default_search_provider: search_url = hxxp://www.search.delta-search.com/?q={searchTerms}&affID=119370&tt=070312_xn2&babsrc=SP_ss_d2sg&mntrId=2676BC77372B4522
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.search.delta-search.com/?affID=119370&tt=070312_xn2&babsrc=HP_ss_d2sg&mntrId=2676BC77372B4522
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: PriceGong = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: YouTube = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Assistant = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\
CHR - Extension: Delta Toolbar = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: DealPly Shopping = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: PriceGong = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: YouTube = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Assistant = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\
CHR - Extension: Delta Toolbar = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: DealPly Shopping = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [GoogleChromeAutoLaunch_16D39EE45B44C3ADD23B6D558920E4B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B97F4189-3125-4A03-85C9-0A45DC37C442}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F34C148C-A214-4197-AB6E-59B6E6C475D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c4a9521-33d3-11e1-a765-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c4a9521-33d3-11e1-a765-806e6f6e6963}\Shell\AutoRun\command - "" = I:\noautorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 10:00:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
[2013.04.27 09:16:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.15 02:46:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Silag_prefs
[2013.04.04 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{03D45E47-FCC5-4D74-8D2A-30444A99D6FC}
[2013.04.03 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{0D1721E4-D432-46A8-AF7C-45BC6CA87DC5}
[2013.03.30 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 08:43:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 08:43:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 08:39:55 | 001,663,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.27 08:39:55 | 000,713,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.27 08:39:55 | 000,674,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.27 08:39:55 | 000,152,324 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.27 08:39:55 | 000,128,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 08:36:09 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013.04.27 08:34:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.27 08:34:03 | 2076,753,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.27 08:33:10 | 000,000,188 | ---- | M] () -- C:\Users\Dienstleistungen\defogger_reenable
[2013.04.27 08:22:58 | 000,377,856 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\cvi50b87.exe
[2013.04.27 08:22:12 | 000,050,477 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\Defogger.exe
[2013.04.27 00:16:57 | 000,000,004 | ---- | M] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
[2013.04.26 23:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
[2013.04.26 22:53:00 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013.04.26 20:27:19 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{796F4199-9CB6-4650-A45D-8293855330C6}.job
[2013.04.26 20:27:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.04.26 20:09:59 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013.04.26 20:09:22 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 19:13:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:08:38 | 000,022,879 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.22 18:03:03 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.17 17:48:29 | 001,309,906 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.04.12 00:13:58 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.11 13:15:37 | 000,500,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.30 17:55:44 | 000,062,867 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.30 15:10:53 | 753,354,787 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.04.27 08:33:09 | 000,000,188 | ---- | C] () -- C:\Users\Dienstleistungen\defogger_reenable
[2013.04.27 08:32:58 | 000,377,856 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\cvi50b87.exe
[2013.04.27 08:32:58 | 000,050,477 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\Defogger.exe
[2013.04.26 22:53:00 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013.04.26 18:34:21 | 000,000,004 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.ini
[2013.04.26 16:08:38 | 000,022,879 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.17 17:48:29 | 001,309,906 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.03.30 17:55:43 | 000,062,867 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.20 00:11:08 | 000,114,176 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\BabMaint.exe
[2013.03.07 16:23:51 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.11.10 11:59:34 | 000,233,960 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 11:59:02 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.10 00:39:20 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.11 13:23:39 | 000,087,040 | ---- | C] () -- C:\Users\Dienstleistungen\AppData\Roaming\skype.dat
[2012.01.01 12:17:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.01.01 10:41:46 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.06 14:41:51 | 001,558,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.06 00:25:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.08.06 00:10:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.12 10:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.12 10:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.12 10:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.12 10:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.12 10:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.12 10:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.05.11 00:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.25 12:53:43 | 000,000,000 | -HSD | M] -- C:\Users\Dienstleistungen\AppData\Roaming\.#
[2011.11.29 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\ASUS WebStorage
[2013.03.14 18:36:01 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\BabSolution
[2012.01.23 02:28:25 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Babylon
[2012.01.01 13:10:04 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DAEMON Tools Lite
[2013.03.14 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DealPly
[2013.03.14 18:35:58 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Delta
[2013.03.14 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DSite
[2013.01.13 18:14:24 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoft
[2012.02.18 17:06:50 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.29 13:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\MOVAVI
[2011.12.27 13:26:04 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Nuance
[2012.05.21 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Omfodrlg
[2013.01.13 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\OpenCandy
[2011.12.31 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Opera
[2013.01.10 01:59:14 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Optimizer Pro
[2011.12.31 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\SoftGrid Client
[2012.06.29 04:01:12 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Thinstall
[2011.12.06 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\TP
[2013.01.13 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\TuneUp Software
[2011.12.15 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Ukw
[2011.12.23 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Youtube Downloader HD
[2011.11.30 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.03.09 15:22:42 | 003,230,253 | ---- | C] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
[2012.09.08 16:59:24 | 000,013,997 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.09.08 16:59:23 | 000,013,997 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.04.10 00:24:06 | 000,336,320 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:24:05 | 000,336,320 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:23:21 | 000,042,292 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2012.04.10 00:23:20 | 000,042,292 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2006.03.23 14:38:58 | 003,230,253 | ---- | M] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
         

27.04.2013, 11:16   #8
aharonov
/// TB Trainer
 

OK, then continue as follows:


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after the other:
    • OptimizerPro
    • Ask Toolbar
    • Delta toolbar
    • Delta Chrome Toolbar
    • Incredibar Toolbar on IE
    • Optimizer Pro v3.0
    • PriceGong 2.6.4
    • Ask Toolbar Updater
    • DealPly
  • Close the window again and restart the computer if you were asked to.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).



Step 3

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Sometimes Combofix still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.



Step 4

Please start OTL.exe.
  • Tick the Scan all Users box.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

27.04.2013, 11:41   #9
drummy
 

Hi,

all done. Combofix complained that the antivirus was still on, but it was off.

(A USB stick with pictures was connected while the PC was being infected; should I also run the USB stick through a virus scanner?)

Code:
# AdwCleaner v2.202 - Datei am 27/04/2013 um 12:25:07 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dienstleistungen - ROSIN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dienstleistungen\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Web Assistant Updater
Gestoppt & Gelöscht : WebOptimizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
Ordner Gelöscht : C:\Users\Dienstleistungen\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\590d9dfe06aba43
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\590d9dfe06aba43
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5B5A55F-7CF8-4248-80FE-952DF8F4B3BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F89620C8-E173-4C91-A4F3-00E8E07BAB9A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848&SSPV=TB_IEOB25 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={359216DD-A5DE-4266-953E-9AFB16723869} --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Dienstleistungen\AppData\Roaming\Mozilla\Firefox\Profiles\djp082k2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Dienstleistungen\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://mystart.incredibar.com/mb155?a=6PQHDdKVJu&i=26

*************************

AdwCleaner[S1].txt - [18489 octets] - [27/04/2013 12:25:07]

########## EOF - C:\AdwCleaner[S1].txt - [18550 octets] ##########
         
Code:
ComboFix 13-04-27.04 - Dienstleistungen 27.04.2013  12:32:36.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8102.6357 [GMT 2:00]
ausgeführt von:: c:\users\Dienstleistungen\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\Dienstleistungen\AppData\Roaming\.#
c:\users\Dienstleistungen\AppData\Roaming\skype.dat
c:\users\Dienstleistungen\AppData\Roaming\skype.ini
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-27 bis 2013-04-27  ))))))))))))))))))))))))))))))
.
.
2013-04-27 10:38 . 2013-04-27 10:38	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-27 10:38 . 2013-04-27 10:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-27 09:11 . 2013-04-27 09:11	--------	d-----w-	c:\users\Dienstleistungen\AppData\Roaming\Avira
2013-04-27 09:05 . 2013-04-27 09:03	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-27 09:05 . 2013-04-27 09:03	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-27 09:05 . 2013-04-27 09:03	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-27 09:05 . 2013-04-27 09:05	--------	d-----w-	c:\program files (x86)\Avira
2013-04-27 07:16 . 2013-04-27 07:16	--------	d-----w-	C:\FRST
2013-04-24 10:25 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 12:40 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 12:40 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 12:40 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 12:40 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 12:40 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 12:40 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 12:39 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 12:39 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 12:39 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 12:39 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 12:39 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:39 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:39 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 12:39 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 18:09 . 2011-08-05 22:25	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2013-04-11 06:51 . 2011-12-06 12:07	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-23 11:37 . 2012-11-10 09:59	233960	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-03-23 11:36 . 2012-11-10 09:59	233960	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-03-12 20:45 . 2012-07-12 16:49	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:45 . 2011-12-07 22:52	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 20:45 . 2013-03-12 20:45	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-12 05:45 . 2013-03-13 16:31	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 16:31	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 16:31	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 16:31	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 16:31	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 16:31	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-23 01:42	19968	----a-w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 04:12 . 2013-03-23 01:42	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-01-28 13:19 . 2013-01-13 16:15	35104	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-28 13:19 . 2013-01-13 17:23	37664	----a-w-	c:\windows\system32\uxtuneup.dll
2013-01-28 13:19 . 2013-01-13 17:23	29984	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-01-28 13:19 . 2013-01-13 16:15	26400	----a-w-	c:\windows\system32\authuitu.dll
2013-01-28 13:19 . 2013-01-13 16:15	21792	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-01-01 11:26	2048	--sha-w-	c:\windows\actofvl\clip.exe
2012-01-01 11:26	151552	--sha-w-	c:\windows\actofvl\KMService.exe
2012-01-01 11:26	37888	--sha-w-	c:\windows\actofvl\msgbox.exe
2012-01-01 11:26	127232	--sha-w-	c:\windows\actofvl\osppc.dll
2012-01-01 11:26	14176	--sha-w-	c:\windows\actofvl\ospprearm.exe
2012-01-01 11:26	122880	--sha-w-	c:\windows\actofvl\reg.exe
2012-01-01 11:28	72738	--sha-w-	c:\windows\actofvl\Uninstall.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-27 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ACCU-CHEK® 360° – Automatische Erkennung.lnk - c:\users\Dienstleistungen\Desktop\ACCU-CHEK 360\Application\ApplicationMain.exe [2010-7-16 81920]
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/05 15:31;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2010-10-03 22040]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys [2010-12-07 23576]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-05 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-09 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-27 28600]
S2 4game-service;4game-service;c:\program files (x86)\4game\4game-service.exe [2012-12-06 935288]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-27 86752]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-06-02 64128]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe [2011-05-10 338208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-27 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 125416]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 385512]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:13	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 20:45]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 07:45]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 07:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dienstleistungen\AppData\Roaming\Mozilla\Firefox\Profiles\djp082k2.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2013-03-08 12:41; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-DSite - c:\users\DIENST~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-27  12:40:36
ComboFix-quarantined-files.txt  2013-04-27 10:40
.
Vor Suchlauf: 11 Verzeichnis(se), 240.195.891.200 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 240.522.452.992 Bytes frei
.
- - End Of File - - C4FAABE2F1062FDB0994D74F10495134
         
Code:
OTL logfile created on: 27.04.2013 12:41:17 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dienstleistungen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,74% Memory free
15,82 Gb Paging File | 13,81 Gb Available in Paging File | 87,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 224,10 Gb Free Space | 74,70% Space Free | Partition Type: NTFS
Drive D: | 373,63 Gb Total Space | 299,24 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 303,11 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive F: | 349,31 Gb Total Space | 347,49 Gb Free Space | 99,48% Space Free | Partition Type: NTFS
Drive H: | 960,39 Mb Total Space | 879,08 Mb Free Space | 91,53% Space Free | Partition Type: FAT
 
Computer Name: ROSIN | User Name: Dienstleistungen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.27 11:03:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.27 11:03:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.27 11:03:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.26 23:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
PRC - [2012.12.06 16:50:44 | 000,935,288 | ---- | M] (Innova Co S.a r.l.) -- C:\Program Files (x86)\4game\4game-service.exe
PRC - [2012.11.10 11:59:02 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.02 23:11:06 | 000,064,128 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011.05.31 19:56:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011.05.27 17:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.11 00:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\SIONExportService.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.01.15 00:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.10.25 15:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.09 05:24:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.04.27 11:03:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.27 11:03:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:45:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.06 16:50:44 | 000,935,288 | ---- | M] (Innova Co S.a r.l.) [Auto | Running] -- C:\Program Files (x86)\4game\4game-service.exe -- (4game-service)
SRV - [2012.11.10 11:59:02 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011.06.02 23:11:06 | 000,064,128 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.05.27 17:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.11 00:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.01.15 00:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010.11.13 00:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.27 11:03:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.27 11:03:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.27 11:03:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.09 05:24:50 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.24 15:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.03.24 15:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.26 02:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.01.27 19:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 19:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.07 09:30:00 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.03 06:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{74F917E6-EBA6-4D1B-A72E-6C3F9BA8CAD2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=665cb7f8-6ab4-463f-bcf3-7e8a04717a8a&apn_sauid=D7A558BA-7F58-4B37-A6DA-A8EC53F653A1
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\..\SearchScopes\{FC370D95-A24F-4BBC-820B-4A0796C7F42C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=TB_IEOB25
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 16:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011.12.31 20:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.01.02 04:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.27 11:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:41:04 | 000,000,000 | ---D | M]
 
[2013.04.27 11:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Extensions
[2013.04.27 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dienstleistungen\AppData\Roaming\mozilla\Firefox\Profiles\djp082k2.default\extensions
[2013.04.27 11:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=119370&tt=070312_xn2&babsrc=HP_ss_bay2g&mntrId=2676BC77372B4522
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Dienstleistungen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.27 12:38:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B97F4189-3125-4A03-85C9-0A45DC37C442}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F34C148C-A214-4197-AB6E-59B6E6C475D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4028573317-340777637-1847224931-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 12:30:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.27 12:30:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.27 12:30:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.27 12:29:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.27 12:29:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.27 12:24:29 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\Dienstleistungen\Desktop\ComboFix.exe
[2013.04.27 11:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.27 11:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Roaming\Avira
[2013.04.27 11:05:50 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.27 11:05:50 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.27 11:05:50 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.27 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.27 10:00:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
[2013.04.27 09:16:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.15 02:46:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Silag_prefs
[2013.04.04 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{03D45E47-FCC5-4D74-8D2A-30444A99D6FC}
[2013.04.03 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\AppData\Local\{0D1721E4-D432-46A8-AF7C-45BC6CA87DC5}
[2013.03.30 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 12:38:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.27 12:37:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 12:37:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 12:28:03 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013.04.27 12:26:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.27 12:26:35 | 2076,753,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.27 12:25:14 | 001,663,570 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.27 12:25:14 | 000,713,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.27 12:25:14 | 000,674,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.27 12:25:14 | 000,152,324 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.27 12:25:14 | 000,128,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 12:22:12 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\Dienstleistungen\Desktop\ComboFix.exe
[2013.04.27 12:20:42 | 000,619,461 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\adwcleaner.exe
[2013.04.27 11:59:29 | 000,000,656 | ---- | M] () -- C:\WifiInfo.ini.enc
[2013.04.27 11:55:44 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.27 11:03:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.27 11:03:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.27 11:03:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.27 08:33:10 | 000,000,188 | ---- | M] () -- C:\Users\Dienstleistungen\defogger_reenable
[2013.04.27 08:22:58 | 000,377,856 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\cvi50b87.exe
[2013.04.27 08:22:12 | 000,050,477 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\Defogger.exe
[2013.04.26 23:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dienstleistungen\Desktop\OTL.exe
[2013.04.26 22:53:00 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013.04.26 20:09:59 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013.04.26 20:09:22 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 19:13:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:08:38 | 000,022,879 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.17 17:48:29 | 001,309,906 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.04.12 00:13:58 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.11 13:15:37 | 000,500,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.30 17:55:44 | 000,062,867 | ---- | M] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.30 15:10:53 | 753,354,787 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.04.27 12:30:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.27 12:30:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.27 12:30:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.27 12:30:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.27 12:30:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 12:24:29 | 000,619,461 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\adwcleaner.exe
[2013.04.27 11:55:43 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.27 11:55:43 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.27 08:33:09 | 000,000,188 | ---- | C] () -- C:\Users\Dienstleistungen\defogger_reenable
[2013.04.27 08:32:58 | 000,377,856 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\cvi50b87.exe
[2013.04.27 08:32:58 | 000,050,477 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\Defogger.exe
[2013.04.26 22:53:00 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013.04.26 16:08:38 | 000,022,879 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 2.pdf
[2013.04.26 16:01:14 | 000,022,876 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\lkw walter 1.pdf
[2013.04.25 12:54:26 | 000,993,854 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\brief.pdf
[2013.04.17 17:48:29 | 001,309,906 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\autoMwSt.pdf
[2013.03.30 17:55:43 | 000,062,867 | ---- | C] () -- C:\Users\Dienstleistungen\Desktop\WEB.DE FreeMail.htm
[2013.03.07 16:23:51 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.11.10 11:59:34 | 000,233,960 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 11:59:02 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.10 00:39:20 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.01 12:17:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.01.01 10:41:46 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.06 14:41:51 | 001,558,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.06 00:25:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.08.06 00:10:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.12 10:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.12 10:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.12 10:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.12 10:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.12 10:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.12 10:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.05.11 00:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.29 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\ASUS WebStorage
[2012.01.01 13:10:04 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DAEMON Tools Lite
[2013.03.14 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DSite
[2013.01.13 18:14:24 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\DVDVideoSoft
[2012.09.29 13:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\MOVAVI
[2011.12.27 13:26:04 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Nuance
[2012.05.21 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Omfodrlg
[2011.12.31 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Opera
[2011.12.31 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\SoftGrid Client
[2012.06.29 04:01:12 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Thinstall
[2011.12.06 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\TP
[2013.01.13 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\TuneUp Software
[2011.12.15 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Ukw
[2011.12.23 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Youtube Downloader HD
[2011.11.30 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Dienstleistungen\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.03.09 15:22:42 | 003,230,253 | ---- | C] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
[2012.09.08 16:59:24 | 000,013,997 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.09.08 16:59:23 | 000,013,997 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????? ????.docx) -- C:\Users\Dienstleistungen\Documents\конечно есть.docx
[2012.04.10 00:24:06 | 000,336,320 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:24:05 | 000,336,320 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????1.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК1.docx
[2012.04.10 00:23:21 | 000,042,292 | ---- | M] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2012.04.10 00:23:20 | 000,042,292 | ---- | C] ()(C:\Users\Dienstleistungen\Documents\??????.docx) -- C:\Users\Dienstleistungen\Documents\ШАШЛЫК.docx
[2006.03.23 14:38:58 | 003,230,253 | ---- | M] ()(C:\Users\Dienstleistungen\Desktop\????  2.mp3) -- C:\Users\Dienstleistungen\Desktop\Трек  2.mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
         

27.04.2013, 17:18   #10
aharonov
/// TB Trainer

What do you need this program for?
Quote:
mini-KMS Auto Activation Tool 1.13
__________________
cheers,
Leo

27.04.2013, 17:25   #11
drummy

Hi,
the program doesn't ring a bell for me, I wouldn't know what it's for?? Delete it?

Thank you for your help, it works perfectly now and even boots faster than before ;-)

Is there anything else that needs to be done, or is the PC finished?

Regards,
Drummy

Last edited by drummy (27.04.2013 at 17:31)

01.05.2013, 01:53   #12
aharonov
/// TB Trainer

Quote:
I wouldn't know what it's for??
To crack MS Office..

We don't specifically look for such indications, but when we see them, we can no longer turn a blind eye. Therefore:
Cracks and keygens

The log files strongly suggest that you are using software that was not legally acquired. Besides being illegal, cracks and patches from dubious sources are also very often bundled with malware, so you are almost deliberately infecting yourself.

We have agreed here on the board that we do not continue cleaning at this point, as we do not support such behaviour. In our guide, under point 8 of the forum rules, we also made it unmistakably clear how we handle this.

This software has its price and the software companies live off this revenue. As an alternative, there is plenty of very good freeware, or stripped-down versions that can be bought cheaply, available everywhere.

Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our subforum Alles rund um Windows.
__________________
cheers,
Leo
