| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.06.2012, 10:06
| #1 |
 |  Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Hallo, seit einigen Tagen schieben sich in allen drei installierten Browsern (Chrome, FF, IE) unten rechts die gleichen Werbebanner ins Bild. Nicht auf allen Seiten, aber auf den meisten. Zudem werde ich beim surfen ab und an auf eine Werbeseite weitergeleitet, oft wird diese als "attackierende Seite" erkannt und geblockt. Insgesamt erscheint mir das Internet oder zumindest das Browser etwas langsamer. Über meinen Twitter Account wurden die letzten Tage Spam Nachrichten versendet, vielleicht hat das auch was damit zu tun.  AVG und MAM (beides aktuell) finden nix. Den anderen "Betroffenen" mit ähnlichen Symptomen habt ihr durch ein individuelles ComboFix File geholfen, vielleicht klappt das ja auch bei mir?  Der Anleitung folgend habe ich zunächst Defogger und dann OTL laufen lassen. Letzteres stoppt mit der Fehlermeldung "List index out of Bounds (21)". Eine OTL.txt wird trotzdem generiert, hier ihr Inhalt: Code:
ATTFilter OTL logfile created on: 21.06.2012 10:46:57 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Bloodhound5\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,90% Memory free 7,36 Gb Paging File | 5,40 Gb Available in Paging File | 73,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 134,95 Gb Total Space | 27,65 Gb Free Space | 20,49% Space Free | Partition Type: NTFS Computer Name: ALIENBABY-X | User Name: Bloodhound5 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.21 10:30:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe PRC - [2012.05.09 18:29:04 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012.01.06 15:13:19 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 14:22:28 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 14:22:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 14:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 14:22:12 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.06.14 14:22:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012.05.13 04:30:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 04:29:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.13 04:29:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.13 04:29:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 04:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.13 04:29:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.01.06 15:13:09 | 000,368,640 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.13 23:00:58 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.21 09:39:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.13 20:39:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012.01.09 18:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.26 13:37:33 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.16 17:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Programme\CrashPlan\CrashPlanService.exe -- (CrashPlanService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.01.06 15:13:15 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.06.14 03:49:02 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.13 22:23:22 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.16 11:52:04 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.12.22 10:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 22:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 80 84 A7 40 38 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2 FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1 FF - prefs.js..extensions.enabledItems: VerticalBookmarksToolbar@alice:3.4 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {5274f9d8-138e-462e-8437-1d790141a7da}:1.03 FF - prefs.js..extensions.enabledItems: ireader@samabox.com:1.0.6 FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7 FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 15:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.17 22:22:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.05 22:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 09:39:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 18:48:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.13 18:48:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M] [2011.12.26 12:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions [2011.01.21 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.06.21 09:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions [2011.12.26 13:00:04 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.05.22 09:29:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2012.05.22 09:29:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\foxyproxy@eric.h.jung [2012.06.21 09:39:31 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\support@lastpass.com [2011.12.26 13:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions [2011.12.26 12:03:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions\support@lastpass.com [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\foxyproxy@eric.h.jung [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\support@lastpass.com [2012.06.16 21:09:06 | 000,002,533 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\diigo--google.xml [2012.06.16 21:09:09 | 000,001,018 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\facebook.xml [2011.01.24 23:54:01 | 000,002,057 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\youtube-videosuche.xml [2012.02.02 11:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.19 20:44:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\10018 [2012.01.31 10:48:21 | 000,022,740 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{82129504-17C6-4FEC-B132-9C17E61879CA}.XPI [2012.02.22 10:38:16 | 000,015,392 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI [2012.05.19 13:20:20 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.05.18 12:20:02 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.12.27 18:47:24 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2011.04.24 15:13:03 | 000,017,406 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALBOOKMARKSTOOLBAR@ALICE.XPI [2012.05.13 17:18:56 | 000,043,424 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALTOOLBAR@XULDEV.ORG.XPI [2012.06.21 09:39:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.21 09:39:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.21 09:39:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 09:39:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 09:39:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 09:39:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 09:39:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: AVG Safe Search = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ O1 HOSTS File: ([2012.05.16 23:07:37 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.10.57.36 www.google-analytics.com. O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net. O1 - Hosts: 69.10.57.36 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63395EAD-2F98-4836-A730-F4BDCD71EED2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.21 10:30:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe [2012.06.15 00:35:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.13 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.06.12 17:14:36 | 000,000,000 | ---D | C] -- C:\mukke tob geb [2012.06.12 15:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.05 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Microsoft Games [2012.06.05 13:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.06.05 03:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.06.05 03:00:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.06.03 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.06.03 23:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.06.03 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.06.03 23:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.21 10:40:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.21 10:40:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.21 10:40:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.21 10:40:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.21 10:40:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.21 10:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.21 10:30:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe [2012.06.21 10:28:51 | 000,050,477 | ---- | M] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe [2012.06.21 10:28:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 10:28:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 10:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.21 10:21:48 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.21 10:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.21 10:21:37 | 2962,276,352 | -HS- | M] () -- C:\hiberfil.sys [2012.06.21 10:03:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job [2012.06.21 09:29:00 | 100,594,855 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.06.21 00:03:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job [2012.06.20 19:32:26 | 000,001,456 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.06.16 21:12:03 | 000,388,036 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.14 14:21:53 | 004,913,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 22:12:22 | 435,000,859 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.12 15:45:43 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.06.11 19:48:04 | 000,001,314 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.06.03 13:51:18 | 000,001,058 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.21 10:28:51 | 000,050,477 | ---- | C] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe [2012.06.05 22:55:57 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.03.19 20:44:28 | 000,000,016 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\blckdom.res [2011.12.26 13:38:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.12.26 13:07:23 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.12.26 13:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.26 13:05:55 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.12.26 13:05:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.12.26 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.12.26 13:05:55 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.12.26 13:05:55 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.12.26 13:05:54 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.12.26 12:52:59 | 000,004,608 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.26 12:52:59 | 000,001,456 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.12.26 12:52:59 | 000,000,600 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\PUTTY.RND [2011.12.26 12:52:59 | 000,000,032 | RHS- | C] () -- C:\Users\Bloodhound5\AppData\Local\t56.dat [2011.12.26 12:28:50 | 000,038,547 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.12.26 12:28:50 | 000,007,069 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\e269720948.prf [2011.12.26 12:28:50 | 000,000,417 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\redirect.xml [2011.12.26 12:28:50 | 000,000,132 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.06.13 23:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft [2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018 [2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon [2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012 [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin [2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan [2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite [2012.06.21 10:21:54 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox [2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden [2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc [2012.05.10 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ! [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport [2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter [2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn [2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software [2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL [2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy [2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++ [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2 [2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2 [2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer [2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird [2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian [2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter [2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau [2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm [2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb [2009.07.14 07:08:49 | 000,029,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
24.06.2012, 17:48
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.Zitat:
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
25.06.2012, 15:57
| #3 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Gerne. Hier:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.25.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bloodhound5 :: ALIENBABY-X [Administrator] 25.06.2012 16:25:10 mbam-log-2012-06-25 (16-25-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 521923 Laufzeit: 27 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
25.06.2012, 16:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Führ bitte auch ESET aus, danach sehen wir weiter: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.06.2012, 17:46
| #5 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. vier funde: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=590cd7e9c661f14cb58e42162e2b5cf0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-25 04:43:46
# local_time=2012-06-25 06:43:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15748382 15748382 0 0
# compatibility_mode=5893 16776574 100 94 15006090 92267788 0 0
# compatibility_mode=8192 67108863 100 0 3287979 3287979 0 0
# scanned=364381
# found=4
# cleaned=0
# scan_time=4688
C:\Users\Bloodhound5\AppData\Local\Temp\6C65.tmp a variant of Win32/Kryptik.AGJE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bloodhound5\AppData\Local\Temp\L.class a variant of Java/Agent.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bloodhound5\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\35da4ae-299203e1 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bloodhound5\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\29bb91fb-56bcb75f multiple threats (unable to clean) 00000000000000000000000000000000 I
|
|
26.06.2012, 09:24
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. |
|
26.06.2012, 20:37
| #7 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Bis auf die Werbung alles super. Also: keine Probleme mit dem normal-Modus und auch im Startmenü fehlt nix. |
|
27.06.2012, 12:31
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.06.2012, 13:09
| #9 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Die otl.txt: Code:
ATTFilter OTL logfile created on: 27.06.2012 13:48:20 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Bloodhound5\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 49,40% Memory free 7,36 Gb Paging File | 4,94 Gb Available in Paging File | 67,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 134,95 Gb Total Space | 38,34 Gb Free Space | 28,41% Space Free | Partition Type: NTFS Drive D: | 176,31 Gb Total Space | 107,50 Gb Free Space | 60,97% Space Free | Partition Type: NTFS Computer Name: ALIENBABY-X | User Name: Bloodhound5 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 13:46:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.09 18:29:04 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012.01.06 15:13:19 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.03.16 17:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Programme\CrashPlan\CrashPlanTray.exe PRC - [2010.10.27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010.02.22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 14:22:28 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 14:22:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 14:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 14:22:12 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.06.14 14:22:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012.05.13 04:30:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 04:29:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.13 04:29:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.13 04:29:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 04:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.13 04:29:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.01.06 15:13:09 | 000,368,640 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.10.27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010.10.27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010.10.27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010.10.27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010.10.27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010.10.27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010.10.27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010.10.27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010.10.27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010.10.27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010.10.27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2010.02.22 05:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 19:58:17 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2008.04.16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008.04.16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008.04.16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008.04.16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008.04.16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008.04.02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008.04.02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008.04.02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.13 23:00:58 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.23 23:28:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.21 09:39:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012.01.09 18:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.26 13:37:33 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.16 17:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Programme\CrashPlan\CrashPlanService.exe -- (CrashPlanService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.01.06 15:13:15 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.06.14 03:49:02 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.13 22:23:22 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.16 11:52:04 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.12.22 10:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 22:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 80 84 A7 40 38 CD 01 [binary data] IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2 FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1 FF - prefs.js..extensions.enabledItems: VerticalBookmarksToolbar@alice:3.4 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {5274f9d8-138e-462e-8437-1d790141a7da}:1.03 FF - prefs.js..extensions.enabledItems: ireader@samabox.com:1.0.6 FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7 FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 15:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.17 22:22:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.05 22:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 09:39:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 18:48:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.13 18:48:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M] [2011.12.26 12:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions [2011.01.21 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.06.25 21:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions [2011.12.26 13:00:04 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.05.22 09:29:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2012.05.22 09:29:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\foxyproxy@eric.h.jung [2012.06.25 21:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\staged [2012.06.21 09:39:31 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\support@lastpass.com [2011.12.26 13:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions [2011.12.26 12:03:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions\support@lastpass.com [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\foxyproxy@eric.h.jung [2011.12.26 15:07:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\support@lastpass.com [2012.06.24 21:47:33 | 000,002,533 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\diigo--google.xml [2012.06.24 21:47:33 | 000,001,018 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\facebook.xml [2011.01.24 23:54:01 | 000,002,057 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\youtube-videosuche.xml [2012.02.02 11:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.19 20:44:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\10018 [2012.01.31 10:48:21 | 000,022,740 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{82129504-17C6-4FEC-B132-9C17E61879CA}.XPI [2012.02.22 10:38:16 | 000,015,392 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI [2012.05.19 13:20:20 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.05.18 12:20:02 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.12.27 18:47:24 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2011.04.24 15:13:03 | 000,017,406 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALBOOKMARKSTOOLBAR@ALICE.XPI [2012.05.13 17:18:56 | 000,043,424 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALTOOLBAR@XULDEV.ORG.XPI [2012.06.21 09:39:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.21 09:39:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.21 09:39:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 09:39:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 09:39:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 09:39:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 09:39:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: AVG Safe Search = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ O1 HOSTS File: ([2012.05.16 23:07:37 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.10.57.36 www.google-analytics.com. O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net. O1 - Hosts: 69.10.57.36 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000..\Run: [AVMUSBFernanschluss] C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63395EAD-2F98-4836-A730-F4BDCD71EED2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AmIcoSinglun64 - hkey= - key= - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BlueStacks App Player - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 13:46:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe [2012.06.25 17:22:40 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bloodhound5\Desktop\esetsmartinstaller_enu.exe [2012.06.24 00:59:12 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Macromedia [2012.06.15 00:35:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.13 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.06.12 17:14:36 | 000,000,000 | ---D | C] -- C:\mukke tob geb [2012.06.12 15:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.05 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Microsoft Games [2012.06.05 13:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.06.05 03:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.06.05 03:00:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.06.03 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.06.03 23:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.06.03 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.06.03 23:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 13:46:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe [2012.06.27 13:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.27 13:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.27 13:03:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job [2012.06.27 12:32:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.27 12:32:28 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.27 12:32:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.27 12:32:28 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.27 12:32:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.27 11:09:28 | 100,746,374 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.06.27 11:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.27 02:41:08 | 000,001,456 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.06.27 00:09:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job [2012.06.26 18:41:58 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.25 17:22:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bloodhound5\Desktop\esetsmartinstaller_enu.exe [2012.06.23 23:37:14 | 000,003,584 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.23 23:05:43 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.23 23:05:43 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.22 22:15:05 | 000,388,005 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.22 15:13:09 | 004,930,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.22 15:12:57 | 2962,276,352 | -HS- | M] () -- C:\hiberfil.sys [2012.06.21 10:28:51 | 000,050,477 | ---- | M] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe [2012.06.12 22:12:22 | 435,000,859 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.12 15:45:43 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.06.11 19:48:04 | 000,001,314 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.06.03 13:51:18 | 000,001,058 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.21 10:28:51 | 000,050,477 | ---- | C] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe [2012.06.05 22:55:57 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.05.18 17:50:24 | 000,000,020 | ---- | C] () -- C:\Users\Bloodhound5\defogger_reenable [2012.03.19 20:44:28 | 000,000,016 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\blckdom.res [2012.01.26 18:09:53 | 000,000,234 | ---- | C] () -- C:\Users\Bloodhound5\.gitconfig [2011.12.26 13:38:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.12.26 13:07:23 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.12.26 13:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.26 13:05:55 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.12.26 13:05:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.12.26 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.12.26 13:05:55 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.12.26 13:05:55 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.12.26 13:05:54 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.12.26 12:52:59 | 000,003,584 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.26 12:52:59 | 000,001,456 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.12.26 12:52:59 | 000,000,600 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\PUTTY.RND [2011.12.26 12:52:59 | 000,000,032 | RHS- | C] () -- C:\Users\Bloodhound5\AppData\Local\t56.dat [2011.12.26 12:28:50 | 000,038,547 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.12.26 12:28:50 | 000,007,069 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\e269720948.prf [2011.12.26 12:28:50 | 000,000,417 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\redirect.xml [2011.12.26 12:28:50 | 000,000,132 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.26 12:27:57 | 000,008,620 | ---- | C] () -- C:\Users\Bloodhound5\_viminfo [2011.12.26 12:27:57 | 000,001,998 | ---- | C] () -- C:\Users\Bloodhound5\.bash_history [2011.12.26 12:27:57 | 000,000,937 | -H-- | C] () -- C:\Users\Bloodhound5\.gitk [2011.12.26 12:27:57 | 000,000,036 | ---- | C] () -- C:\Users\Bloodhound5\.org.eclipse.epp.usagedata.recording.userId [2011.06.13 23:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft [2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018 [2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon [2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012 [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin [2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan [2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite [2012.06.27 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox [2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden [2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc [2012.06.22 02:28:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ! [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport [2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter [2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn [2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software [2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL [2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy [2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++ [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2 [2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2 [2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer [2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird [2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian [2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter [2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau [2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm [2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb [2009.07.14 07:08:49 | 000,029,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft [2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018 [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Adobe [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Adobe Mini Bridge CS5 [2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon [2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Apple Computer [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ATI [2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012 [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure [2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin [2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan [2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite [2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Digsby [2012.06.27 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox [2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\dvdcss [2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc [2012.06.22 02:28:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ! [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport [2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Identities [2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\InstallShield [2011.12.26 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Intel [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Intel Corporation [2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software [2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Logishrd [2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Logitech [2011.12.26 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia [2012.04.02 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Media Center Programs [2011.12.26 12:29:40 | 000,000,000 | --SD | M] -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft FxCop [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL [2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy [2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++ [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung [2012.06.27 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Skype [2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2 [2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2 [2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer [2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird [2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium [2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian [2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter [2012.04.02 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\vlc [2011.10.05 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\VMware [2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau [2012.04.02 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Winamp [2011.12.26 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\WinRAR [2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm [2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb < %APPDATA%\*.exe /s > [2010.12.25 15:15:12 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft\MineCraftSP.exe [2010.12.25 15:15:12 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft\original1.MinecraftSP.exe [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.01.18 09:04:32 | 004,785,447 | ---- | M] (Phil Harvey) -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter\tools\exiftool.exe [2012.06.03 23:32:53 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.04.14 00:42:30 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe [2011.01.21 15:36:36 | 000,010,134 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2011.05.11 20:13:59 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe [2011.05.11 20:13:59 | 000,073,728 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe [2011.05.11 20:13:59 | 000,069,632 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe [2011.01.22 12:58:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_1D47C55E44A870EE659F36.exe [2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_5E471AA219398E9ECBB35C.exe [2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_B737BDF228C34B77A848A6.exe [2011.12.19 15:54:53 | 000,018,854 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{74D66C04-BE4B-4E1C-8FD6-B93A2AD12474}\_6FEFF9B68218417F98F549.exe [2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_112D608FD02CD87FDC7735.exe [2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_2194D4E881A0FE23DAD30A.exe [2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_853F67D554F05449430E7E.exe [2011.12.26 13:07:23 | 000,010,134 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{C30773F5-0746-C580-B32E-BF6F6854A5E2}\ARPPRODUCTICON.exe [2009.06.29 08:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\MP4Box.exe [2011.06.22 20:50:29 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\Uninstall.exe [2009.06.29 14:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\Yamb.exe [2009.05.03 20:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\eac3to\eac3to.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2012.01.08 00:05:10 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < End of report > |
|
28.06.2012, 09:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
:Files
C:\Users\Bloodhound5\AppData\Roaming\blckdom.res
C:\Users\Bloodhound5\AppData\Roaming\10018
C:\Users\Bloodhound5\AppData\Roaming\Wau
C:\Users\Bloodhound5\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.06.2012, 10:19
| #11 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Schaut gut aus, zumindest ist die Werbung weg: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Bloodhound5\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\10018\components folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\10018 folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\Wau folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bloodhound5
->Temp folder emptied: 1408577370 bytes
->Temporary Internet Files folder emptied: 189399060 bytes
->Java cache emptied: 3442030 bytes
->FireFox cache emptied: 1206471503 bytes
->Google Chrome cache emptied: 329619028 bytes
->Flash cache emptied: 290281 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219791255 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 3283441342 bytes
Total Files Cleaned = 6.334,00 mb
[EMPTYFLASH]
User: All Users
User: Bloodhound5
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_111104
Files\Folders moved on Reboot...
C:\Users\Bloodhound5\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ALIENBABY-X$\1960 not found!
File\Folder C:\Windows\temp\jna1218871082399566072.dll not found!
PendingFileRenameOperations files...
File C:\Users\Bloodhound5\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\hsperfdata_ALIENBABY-X$\1960 not found!
File C:\Windows\temp\jna1218871082399566072.dll not found!
Registry entries deleted on Reboot...
|
|
28.06.2012, 13:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2012, 23:27
| #13 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. sorry für die späte Antwort, war die letzten Tage unterwegs. Das sagt TDS-Killer Code:
ATTFilter 00:18:04.0612 2996 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
00:18:04.0816 2996 ============================================================
00:18:04.0817 2996 Current date / time: 2012/07/02 00:18:04.0816
00:18:04.0817 2996 SystemInfo:
00:18:04.0817 2996
00:18:04.0817 2996 OS Version: 6.1.7601 ServicePack: 1.0
00:18:04.0817 2996 Product type: Workstation
00:18:04.0817 2996 ComputerName: ALIENBABY-X
00:18:04.0817 2996 UserName: Bloodhound5
00:18:04.0817 2996 Windows directory: C:\Windows
00:18:04.0817 2996 System windows directory: C:\Windows
00:18:04.0817 2996 Running under WOW64
00:18:04.0817 2996 Processor architecture: Intel x64
00:18:04.0817 2996 Number of processors: 4
00:18:04.0817 2996 Page size: 0x1000
00:18:04.0817 2996 Boot type: Normal boot
00:18:04.0817 2996 ============================================================
00:18:05.0060 2996 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:07.0073 2996 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:07.0126 2996 ============================================================
00:18:07.0126 2996 \Device\Harddisk0\DR0:
00:18:07.0126 2996 MBR partitions:
00:18:07.0126 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
00:18:07.0126 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x10DE6800
00:18:07.0126 2996 \Device\Harddisk1\DR1:
00:18:07.0127 2996 MBR partitions:
00:18:07.0127 2996 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1609D800
00:18:07.0127 2996 ============================================================
00:18:07.0129 2996 C: <-> \Device\Harddisk0\DR0\Partition1
00:18:07.0177 2996 D: <-> \Device\Harddisk1\DR1\Partition0
00:18:07.0177 2996 ============================================================
00:18:07.0177 2996 Initialize success
00:18:07.0177 2996 ============================================================
00:23:32.0650 5820 ============================================================
00:23:32.0650 5820 Scan started
00:23:32.0650 5820 Mode: Manual; SigCheck; TDLFS;
00:23:32.0650 5820 ============================================================
00:23:32.0931 5820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:23:32.0978 5820 1394ohci - ok
00:23:32.0978 5820 3002e - ok
00:23:32.0993 5820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:23:33.0024 5820 ACPI - ok
00:23:33.0024 5820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:23:33.0040 5820 AcpiPmi - ok
00:23:33.0056 5820 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:23:33.0056 5820 AdobeARMservice - ok
00:23:33.0102 5820 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:23:33.0102 5820 AdobeFlashPlayerUpdateSvc - ok
00:23:33.0134 5820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:23:33.0149 5820 adp94xx - ok
00:23:33.0165 5820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:23:33.0165 5820 adpahci - ok
00:23:33.0180 5820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:23:33.0196 5820 adpu320 - ok
00:23:33.0196 5820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:23:33.0274 5820 AeLookupSvc - ok
00:23:33.0290 5820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:23:33.0321 5820 AFD - ok
00:23:33.0321 5820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:23:33.0321 5820 agp440 - ok
00:23:33.0336 5820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:23:33.0352 5820 ALG - ok
00:23:33.0352 5820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:23:33.0368 5820 aliide - ok
00:23:33.0368 5820 AMD External Events Utility (520a16454c60dbdcbfd0645ae509b89c) C:\Windows\system32\atiesrxx.exe
00:23:33.0399 5820 AMD External Events Utility - ok
00:23:33.0399 5820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:23:33.0414 5820 amdide - ok
00:23:33.0414 5820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:23:33.0430 5820 AmdK8 - ok
00:23:33.0820 5820 amdkmdag (046e2912a515a16dd6832371e573ff0c) C:\Windows\system32\DRIVERS\atikmdag.sys
00:23:33.0960 5820 amdkmdag - ok
00:23:34.0007 5820 amdkmdap (b618489abae5f112baffaf6b077adc54) C:\Windows\system32\DRIVERS\atikmpag.sys
00:23:34.0023 5820 amdkmdap - ok
00:23:34.0038 5820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:23:34.0038 5820 AmdPPM - ok
00:23:34.0054 5820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:23:34.0054 5820 amdsata - ok
00:23:34.0070 5820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:23:34.0085 5820 amdsbs - ok
00:23:34.0085 5820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:23:34.0085 5820 amdxata - ok
00:23:34.0101 5820 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
00:23:34.0101 5820 AmUStor - ok
00:23:34.0116 5820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:23:34.0194 5820 AppID - ok
00:23:34.0194 5820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:23:34.0226 5820 AppIDSvc - ok
00:23:34.0226 5820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:23:34.0257 5820 Appinfo - ok
00:23:34.0272 5820 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:23:34.0272 5820 AppMgmt - ok
00:23:34.0288 5820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:23:34.0288 5820 arc - ok
00:23:34.0304 5820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:23:34.0304 5820 arcsas - ok
00:23:34.0319 5820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:23:34.0335 5820 AsyncMac - ok
00:23:34.0350 5820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:23:34.0350 5820 atapi - ok
00:23:34.0413 5820 athr (0a1a97fcc2ec39476bfbd16c3f1507d3) C:\Windows\system32\DRIVERS\athrx.sys
00:23:34.0460 5820 athr - ok
00:23:34.0491 5820 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
00:23:34.0506 5820 AtiHDAudioService - ok
00:23:34.0538 5820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:23:34.0569 5820 AudioEndpointBuilder - ok
00:23:34.0569 5820 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:23:34.0600 5820 AudioSrv - ok
00:23:34.0818 5820 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
00:23:34.0912 5820 AVGIDSAgent - ok
00:23:34.0943 5820 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
00:23:34.0959 5820 AVGIDSDriver - ok
00:23:34.0959 5820 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
00:23:34.0974 5820 AVGIDSFilter - ok
00:23:34.0974 5820 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
00:23:34.0974 5820 AVGIDSHA - ok
00:23:34.0990 5820 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
00:23:35.0006 5820 Avgldx64 - ok
00:23:35.0006 5820 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
00:23:35.0006 5820 Avgmfx64 - ok
00:23:35.0021 5820 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
00:23:35.0021 5820 Avgrkx64 - ok
00:23:35.0037 5820 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
00:23:35.0052 5820 Avgtdia - ok
00:23:35.0068 5820 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:23:35.0068 5820 avgwd - ok
00:23:35.0084 5820 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
00:23:35.0084 5820 avmaudio - ok
00:23:35.0099 5820 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:23:35.0115 5820 AxInstSV - ok
00:23:35.0130 5820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:23:35.0146 5820 b06bdrv - ok
00:23:35.0162 5820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:23:35.0177 5820 b57nd60a - ok
00:23:35.0177 5820 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:23:35.0193 5820 BDESVC - ok
00:23:35.0193 5820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:23:35.0224 5820 Beep - ok
00:23:35.0255 5820 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:23:35.0302 5820 BFE - ok
00:23:35.0333 5820 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:23:35.0364 5820 BITS - ok
00:23:35.0364 5820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:23:35.0380 5820 blbdrive - ok
00:23:35.0380 5820 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:23:35.0396 5820 bowser - ok
00:23:35.0396 5820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:23:35.0427 5820 BrFiltLo - ok
00:23:35.0427 5820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:23:35.0427 5820 BrFiltUp - ok
00:23:35.0442 5820 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:23:35.0474 5820 Browser - ok
00:23:35.0474 5820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:23:35.0489 5820 Brserid - ok
00:23:35.0505 5820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:23:35.0505 5820 BrSerWdm - ok
00:23:35.0505 5820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:23:35.0520 5820 BrUsbMdm - ok
00:23:35.0520 5820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:23:35.0536 5820 BrUsbSer - ok
00:23:35.0536 5820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:23:35.0552 5820 BTHMODEM - ok
00:23:35.0567 5820 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:23:35.0583 5820 BTHPORT - ok
00:23:35.0598 5820 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:23:35.0614 5820 bthserv - ok
00:23:35.0630 5820 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:23:35.0630 5820 BTHUSB - ok
00:23:35.0645 5820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:23:35.0661 5820 cdfs - ok
00:23:35.0676 5820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:23:35.0692 5820 cdrom - ok
00:23:35.0692 5820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:23:35.0723 5820 CertPropSvc - ok
00:23:35.0723 5820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:23:35.0739 5820 circlass - ok
00:23:35.0754 5820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:23:35.0770 5820 CLFS - ok
00:23:35.0770 5820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:23:35.0786 5820 clr_optimization_v2.0.50727_32 - ok
00:23:35.0786 5820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:23:35.0801 5820 clr_optimization_v2.0.50727_64 - ok
00:23:35.0817 5820 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:23:35.0848 5820 clr_optimization_v4.0.30319_32 - ok
00:23:35.0879 5820 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:23:35.0879 5820 clr_optimization_v4.0.30319_64 - ok
00:23:35.0895 5820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:23:35.0910 5820 CmBatt - ok
00:23:35.0926 5820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:23:35.0942 5820 cmdide - ok
00:23:35.0988 5820 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:23:36.0004 5820 CNG - ok
00:23:36.0004 5820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:23:36.0020 5820 Compbatt - ok
00:23:36.0035 5820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:23:36.0082 5820 CompositeBus - ok
00:23:36.0082 5820 COMSysApp - ok
00:23:36.0098 5820 CrashPlanService (e2cec73b4d221b9ffe906748d1f5fc54) C:\Program Files\CrashPlan\CrashPlanService.exe
00:23:36.0113 5820 CrashPlanService ( UnsignedFile.Multi.Generic ) - warning
00:23:36.0113 5820 CrashPlanService - detected UnsignedFile.Multi.Generic (1)
00:23:36.0113 5820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:23:36.0129 5820 crcdisk - ok
00:23:36.0160 5820 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:23:36.0176 5820 CryptSvc - ok
00:23:36.0222 5820 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:23:36.0238 5820 CSC - ok
00:23:36.0316 5820 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:23:36.0347 5820 CscService - ok
00:23:36.0363 5820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:23:36.0410 5820 DcomLaunch - ok
00:23:36.0425 5820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:23:36.0456 5820 defragsvc - ok
00:23:36.0472 5820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:23:36.0503 5820 DfsC - ok
00:23:36.0503 5820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:23:36.0534 5820 Dhcp - ok
00:23:36.0550 5820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:23:36.0581 5820 discache - ok
00:23:36.0581 5820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:23:36.0581 5820 Disk - ok
00:23:36.0597 5820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:23:36.0612 5820 Dnscache - ok
00:23:36.0628 5820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:23:36.0659 5820 dot3svc - ok
00:23:36.0659 5820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:23:36.0690 5820 DPS - ok
00:23:36.0690 5820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:23:36.0706 5820 drmkaud - ok
00:23:36.0737 5820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:23:36.0768 5820 DXGKrnl - ok
00:23:36.0784 5820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:23:36.0815 5820 EapHost - ok
00:23:36.0956 5820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:23:37.0049 5820 ebdrv - ok
00:23:37.0080 5820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:23:37.0096 5820 EFS - ok
00:23:37.0127 5820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:23:37.0158 5820 ehRecvr - ok
00:23:37.0174 5820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:23:37.0190 5820 ehSched - ok
00:23:37.0221 5820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:23:37.0236 5820 elxstor - ok
00:23:37.0252 5820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:23:37.0252 5820 ErrDev - ok
00:23:37.0283 5820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:23:37.0314 5820 EventSystem - ok
00:23:37.0361 5820 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:23:37.0408 5820 EvtEng - ok
00:23:37.0439 5820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:23:37.0470 5820 exfat - ok
00:23:37.0486 5820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:23:37.0517 5820 fastfat - ok
00:23:37.0533 5820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:23:37.0548 5820 Fax - ok
00:23:37.0564 5820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:23:37.0564 5820 fdc - ok
00:23:37.0580 5820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:23:37.0595 5820 fdPHost - ok
00:23:37.0611 5820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:23:37.0642 5820 FDResPub - ok
00:23:37.0642 5820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:23:37.0642 5820 FileInfo - ok
00:23:37.0658 5820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:23:37.0673 5820 Filetrace - ok
00:23:37.0704 5820 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:23:37.0720 5820 FLEXnet Licensing Service - ok
00:23:37.0720 5820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:23:37.0736 5820 flpydisk - ok
00:23:37.0751 5820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:23:37.0751 5820 FltMgr - ok
00:23:37.0798 5820 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:23:37.0829 5820 FontCache - ok
00:23:37.0829 5820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:23:37.0845 5820 FontCache3.0.0.0 - ok
00:23:37.0845 5820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:23:37.0860 5820 FsDepends - ok
00:23:37.0860 5820 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:23:37.0876 5820 Fs_Rec - ok
00:23:37.0892 5820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:23:37.0892 5820 fvevol - ok
00:23:37.0907 5820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:23:37.0907 5820 gagp30kx - ok
00:23:37.0938 5820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:23:37.0985 5820 gpsvc - ok
00:23:38.0001 5820 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:38.0001 5820 gupdate - ok
00:23:38.0001 5820 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:38.0016 5820 gupdatem - ok
00:23:38.0016 5820 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:23:38.0032 5820 gusvc - ok
00:23:38.0032 5820 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
00:23:38.0032 5820 hamachi - ok
00:23:38.0126 5820 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:23:38.0188 5820 Hamachi2Svc - ok
00:23:38.0204 5820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:23:38.0219 5820 hcw85cir - ok
00:23:38.0235 5820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:23:38.0250 5820 HdAudAddService - ok
00:23:38.0266 5820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:23:38.0266 5820 HDAudBus - ok
00:23:38.0282 5820 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
00:23:38.0282 5820 HECIx64 - ok
00:23:38.0282 5820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:23:38.0297 5820 HidBatt - ok
00:23:38.0297 5820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:23:38.0313 5820 HidBth - ok
00:23:38.0328 5820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:23:38.0328 5820 HidIr - ok
00:23:38.0344 5820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:23:38.0360 5820 hidserv - ok
00:23:38.0375 5820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:23:38.0375 5820 HidUsb - ok
00:23:38.0391 5820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:23:38.0406 5820 hkmsvc - ok
00:23:38.0422 5820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:23:38.0438 5820 HomeGroupListener - ok
00:23:38.0438 5820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:23:38.0453 5820 HomeGroupProvider - ok
00:23:38.0453 5820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:23:38.0469 5820 HpSAMD - ok
00:23:38.0469 5820 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
00:23:38.0484 5820 htcnprot - ok
00:23:38.0500 5820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:23:38.0547 5820 HTTP - ok
00:23:38.0547 5820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:23:38.0547 5820 hwpolicy - ok
00:23:38.0562 5820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:23:38.0578 5820 i8042prt - ok
00:23:38.0594 5820 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:23:38.0609 5820 iaStorV - ok
00:23:38.0625 5820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:23:38.0656 5820 idsvc - ok
00:23:39.0046 5820 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:23:39.0202 5820 igfx - ok
00:23:39.0218 5820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:23:39.0233 5820 iirsp - ok
00:23:39.0264 5820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:23:39.0296 5820 IKEEXT - ok
00:23:39.0311 5820 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
00:23:39.0311 5820 Impcd - ok
00:23:39.0405 5820 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
00:23:39.0467 5820 IntcAzAudAddService - ok
00:23:39.0483 5820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:23:39.0498 5820 intelide - ok
00:23:39.0904 5820 intelkmd (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdpmd64.sys
00:23:40.0060 5820 intelkmd - ok
00:23:40.0091 5820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:23:40.0107 5820 intelppm - ok
00:23:40.0107 5820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:23:40.0154 5820 IPBusEnum - ok
00:23:40.0154 5820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:23:40.0185 5820 IpFilterDriver - ok
00:23:40.0200 5820 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:23:40.0232 5820 iphlpsvc - ok
00:23:40.0247 5820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:23:40.0247 5820 IPMIDRV - ok
00:23:40.0263 5820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:23:40.0278 5820 IPNAT - ok
00:23:40.0294 5820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:23:40.0310 5820 IRENUM - ok
00:23:40.0310 5820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:23:40.0325 5820 isapnp - ok
00:23:40.0325 5820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:23:40.0341 5820 iScsiPrt - ok
00:23:40.0356 5820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:23:40.0356 5820 kbdclass - ok
00:23:40.0356 5820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:23:40.0372 5820 kbdhid - ok
00:23:40.0372 5820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:40.0388 5820 KeyIso - ok
00:23:40.0388 5820 KMService - ok
00:23:40.0388 5820 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:23:40.0403 5820 KSecDD - ok
00:23:40.0419 5820 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:23:40.0419 5820 KSecPkg - ok
00:23:40.0434 5820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:23:40.0450 5820 ksthunk - ok
00:23:40.0466 5820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:23:40.0497 5820 KtmRm - ok
00:23:40.0512 5820 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:23:40.0512 5820 L1C - ok
00:23:40.0528 5820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:23:40.0559 5820 LanmanServer - ok
00:23:40.0559 5820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:23:40.0590 5820 LanmanWorkstation - ok
00:23:40.0606 5820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:23:40.0622 5820 lltdio - ok
00:23:40.0637 5820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:23:40.0668 5820 lltdsvc - ok
00:23:40.0668 5820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:23:40.0700 5820 lmhosts - ok
00:23:40.0715 5820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:23:40.0715 5820 LSI_FC - ok
00:23:40.0731 5820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:23:40.0731 5820 LSI_SAS - ok
00:23:40.0746 5820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:23:40.0746 5820 LSI_SAS2 - ok
00:23:40.0762 5820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:23:40.0762 5820 LSI_SCSI - ok
00:23:40.0778 5820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:23:40.0793 5820 luafv - ok
00:23:40.0809 5820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:23:40.0809 5820 Mcx2Svc - ok
00:23:40.0824 5820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:23:40.0824 5820 megasas - ok
00:23:40.0840 5820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:23:40.0856 5820 MegaSR - ok
00:23:40.0856 5820 Microsoft SharePoint Workspace Audit Service - ok
00:23:40.0856 5820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:23:40.0887 5820 MMCSS - ok
00:23:40.0902 5820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:23:40.0918 5820 Modem - ok
00:23:40.0934 5820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:23:40.0934 5820 monitor - ok
00:23:40.0949 5820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:23:40.0949 5820 mouclass - ok
00:23:40.0965 5820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:23:40.0965 5820 mouhid - ok
00:23:40.0965 5820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:23:40.0980 5820 mountmgr - ok
00:23:40.0996 5820 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:23:40.0996 5820 MozillaMaintenance - ok
00:23:41.0012 5820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:23:41.0027 5820 mpio - ok
00:23:41.0027 5820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:23:41.0058 5820 mpsdrv - ok
00:23:41.0090 5820 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:23:41.0121 5820 MpsSvc - ok
00:23:41.0121 5820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:23:41.0136 5820 MRxDAV - ok
00:23:41.0152 5820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:23:41.0168 5820 mrxsmb - ok
00:23:41.0168 5820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:23:41.0183 5820 mrxsmb10 - ok
00:23:41.0199 5820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:23:41.0199 5820 mrxsmb20 - ok
00:23:41.0199 5820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:23:41.0214 5820 msahci - ok
00:23:41.0214 5820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:23:41.0230 5820 msdsm - ok
00:23:41.0246 5820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:23:41.0246 5820 MSDTC - ok
00:23:41.0261 5820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:23:41.0292 5820 Msfs - ok
00:23:41.0292 5820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:23:41.0308 5820 mshidkmdf - ok
00:23:41.0324 5820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:23:41.0324 5820 msisadrv - ok
00:23:41.0339 5820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:23:41.0370 5820 MSiSCSI - ok
00:23:41.0370 5820 msiserver - ok
00:23:41.0370 5820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:23:41.0402 5820 MSKSSRV - ok
00:23:41.0402 5820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:23:41.0433 5820 MSPCLOCK - ok
00:23:41.0433 5820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:23:41.0464 5820 MSPQM - ok
00:23:41.0464 5820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:23:41.0480 5820 MsRPC - ok
00:23:41.0495 5820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:23:41.0495 5820 mssmbios - ok
00:23:41.0495 5820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:23:41.0526 5820 MSTEE - ok
00:23:41.0542 5820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:23:41.0542 5820 MTConfig - ok
00:23:41.0558 5820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:23:41.0558 5820 Mup - ok
00:23:41.0573 5820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:23:41.0636 5820 napagent - ok
00:23:41.0636 5820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:23:41.0651 5820 NativeWifiP - ok
00:23:41.0682 5820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:23:41.0714 5820 NDIS - ok
00:23:41.0729 5820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:23:41.0760 5820 NdisCap - ok
00:23:41.0776 5820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:23:41.0792 5820 NdisTapi - ok
00:23:41.0807 5820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:23:41.0838 5820 Ndisuio - ok
00:23:41.0838 5820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:23:41.0870 5820 NdisWan - ok
00:23:41.0870 5820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:23:41.0901 5820 NDProxy - ok
00:23:41.0901 5820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:23:41.0932 5820 NetBIOS - ok
00:23:41.0948 5820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:23:41.0979 5820 NetBT - ok
00:23:41.0979 5820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:41.0994 5820 Netlogon - ok
00:23:42.0010 5820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:23:42.0041 5820 Netman - ok
00:23:42.0057 5820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:23:42.0088 5820 netprofm - ok
00:23:42.0104 5820 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:23:42.0104 5820 NetTcpPortSharing - ok
00:23:42.0119 5820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:23:42.0119 5820 nfrd960 - ok
00:23:42.0135 5820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:23:42.0166 5820 NlaSvc - ok
00:23:42.0166 5820 npf (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
00:23:42.0182 5820 npf - ok
00:23:42.0182 5820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:23:42.0213 5820 Npfs - ok
00:23:42.0213 5820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:23:42.0244 5820 nsi - ok
00:23:42.0244 5820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:23:42.0275 5820 nsiproxy - ok
00:23:42.0338 5820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:23:42.0384 5820 Ntfs - ok
00:23:42.0416 5820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:23:42.0447 5820 Null - ok
00:23:42.0447 5820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:23:42.0462 5820 nvraid - ok
00:23:42.0462 5820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:23:42.0478 5820 nvstor - ok
00:23:42.0478 5820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:23:42.0494 5820 nv_agp - ok
00:23:42.0494 5820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:23:42.0509 5820 ohci1394 - ok
00:23:42.0525 5820 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:23:42.0540 5820 ose64 - ok
00:23:42.0743 5820 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:23:42.0868 5820 osppsvc - ok
00:23:42.0899 5820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:23:42.0915 5820 p2pimsvc - ok
00:23:42.0930 5820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:23:42.0946 5820 p2psvc - ok
00:23:42.0962 5820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:23:42.0977 5820 Parport - ok
00:23:42.0977 5820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:23:42.0977 5820 partmgr - ok
00:23:42.0993 5820 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
00:23:42.0993 5820 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
00:23:42.0993 5820 PassThru Service - detected UnsignedFile.Multi.Generic (1)
00:23:43.0008 5820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:23:43.0024 5820 PcaSvc - ok
00:23:43.0024 5820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:23:43.0040 5820 pci - ok
00:23:43.0040 5820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:23:43.0055 5820 pciide - ok
00:23:43.0055 5820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:23:43.0071 5820 pcmcia - ok
00:23:43.0071 5820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:23:43.0086 5820 pcw - ok
00:23:43.0102 5820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:23:43.0149 5820 PEAUTH - ok
00:23:43.0196 5820 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:23:43.0227 5820 PeerDistSvc - ok
00:23:43.0258 5820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:23:43.0274 5820 PerfHost - ok
00:23:43.0367 5820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:23:43.0430 5820 pla - ok
00:23:43.0461 5820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:23:43.0476 5820 PlugPlay - ok
00:23:43.0476 5820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:23:43.0492 5820 PNRPAutoReg - ok
00:23:43.0508 5820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:23:43.0508 5820 PNRPsvc - ok
00:23:43.0539 5820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:23:43.0570 5820 PolicyAgent - ok
00:23:43.0570 5820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:23:43.0601 5820 Power - ok
00:23:43.0617 5820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:23:43.0648 5820 PptpMiniport - ok
00:23:43.0648 5820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:23:43.0664 5820 Processor - ok
00:23:43.0664 5820 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:23:43.0679 5820 ProfSvc - ok
00:23:43.0679 5820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:43.0695 5820 ProtectedStorage - ok
00:23:43.0695 5820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:23:43.0726 5820 Psched - ok
00:23:43.0788 5820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:23:43.0835 5820 ql2300 - ok
00:23:43.0866 5820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:23:43.0866 5820 ql40xx - ok
00:23:43.0882 5820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:23:43.0898 5820 QWAVE - ok
00:23:43.0898 5820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:23:43.0913 5820 QWAVEdrv - ok
00:23:43.0913 5820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:23:43.0944 5820 RasAcd - ok
00:23:43.0960 5820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:23:43.0976 5820 RasAgileVpn - ok
00:23:43.0991 5820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:23:44.0022 5820 RasAuto - ok
00:23:44.0022 5820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:23:44.0054 5820 Rasl2tp - ok
00:23:44.0069 5820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:23:44.0100 5820 RasMan - ok
00:23:44.0100 5820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:23:44.0132 5820 RasPppoe - ok
00:23:44.0147 5820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:23:44.0178 5820 RasSstp - ok
00:23:44.0178 5820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:23:44.0225 5820 rdbss - ok
00:23:44.0225 5820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:23:44.0225 5820 rdpbus - ok
00:23:44.0241 5820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:23:44.0256 5820 RDPCDD - ok
00:23:44.0272 5820 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:23:44.0288 5820 RDPDR - ok
00:23:44.0288 5820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:23:44.0319 5820 RDPENCDD - ok
00:23:44.0319 5820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:23:44.0350 5820 RDPREFMP - ok
00:23:44.0350 5820 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:23:44.0366 5820 RDPWD - ok
00:23:44.0381 5820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:23:44.0397 5820 rdyboost - ok
00:23:44.0428 5820 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:23:44.0444 5820 RegSrvc - ok
00:23:44.0459 5820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:23:44.0490 5820 RemoteAccess - ok
00:23:44.0490 5820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:23:44.0522 5820 RemoteRegistry - ok
00:23:44.0537 5820 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:23:44.0537 5820 RimUsb - ok
00:23:44.0537 5820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:23:44.0568 5820 RpcEptMapper - ok
00:23:44.0584 5820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:23:44.0584 5820 RpcLocator - ok
00:23:44.0600 5820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:23:44.0631 5820 RpcSs - ok
00:23:44.0646 5820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:23:44.0678 5820 rspndr - ok
00:23:44.0678 5820 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:23:44.0678 5820 s3cap - ok
00:23:44.0693 5820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:44.0693 5820 SamSs - ok
00:23:44.0709 5820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:23:44.0709 5820 sbp2port - ok
00:23:44.0724 5820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:23:44.0756 5820 SCardSvr - ok
00:23:44.0756 5820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:23:44.0787 5820 scfilter - ok
00:23:44.0818 5820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:23:44.0865 5820 Schedule - ok
00:23:44.0880 5820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:23:44.0912 5820 SCPolicySvc - ok
00:23:44.0912 5820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:23:44.0927 5820 SDRSVC - ok
00:23:44.0943 5820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:23:44.0974 5820 secdrv - ok
00:23:44.0974 5820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:23:45.0005 5820 seclogon - ok
00:23:45.0005 5820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:23:45.0036 5820 SENS - ok
00:23:45.0036 5820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:23:45.0052 5820 SensrSvc - ok
00:23:45.0052 5820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:23:45.0052 5820 Serenum - ok
00:23:45.0068 5820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:23:45.0068 5820 Serial - ok
00:23:45.0083 5820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:23:45.0083 5820 sermouse - ok
00:23:45.0099 5820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:23:45.0130 5820 SessionEnv - ok
00:23:45.0130 5820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:23:45.0146 5820 sffdisk - ok
00:23:45.0146 5820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:23:45.0161 5820 sffp_mmc - ok
00:23:45.0161 5820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:23:45.0177 5820 sffp_sd - ok
00:23:45.0177 5820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:23:45.0177 5820 sfloppy - ok
00:23:45.0192 5820 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:23:45.0224 5820 SharedAccess - ok
00:23:45.0239 5820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:23:45.0270 5820 ShellHWDetection - ok
00:23:45.0286 5820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:23:45.0286 5820 SiSRaid2 - ok
00:23:45.0302 5820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:23:45.0302 5820 SiSRaid4 - ok
00:23:45.0317 5820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:23:45.0348 5820 Smb - ok
00:23:45.0348 5820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:23:45.0364 5820 SNMPTRAP - ok
00:23:45.0364 5820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:23:45.0364 5820 spldr - ok
00:23:45.0395 5820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:23:45.0426 5820 Spooler - ok
00:23:45.0567 5820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:23:45.0660 5820 sppsvc - ok
00:23:45.0692 5820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:23:45.0723 5820 sppuinotify - ok
00:23:45.0723 5820 sptd - ok
00:23:45.0738 5820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:23:45.0754 5820 srv - ok
00:23:45.0770 5820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:23:45.0785 5820 srv2 - ok
00:23:45.0801 5820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:23:45.0801 5820 srvnet - ok
00:23:45.0816 5820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:23:45.0848 5820 SSDPSRV - ok
00:23:45.0848 5820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:23:45.0879 5820 SstpSvc - ok
00:23:45.0894 5820 Steam Client Service - ok
00:23:45.0894 5820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:23:45.0894 5820 stexstor - ok
00:23:45.0926 5820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:23:45.0941 5820 stisvc - ok
00:23:45.0941 5820 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:23:45.0957 5820 storflt - ok
00:23:45.0957 5820 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
00:23:45.0972 5820 StorSvc - ok
00:23:45.0972 5820 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:23:45.0988 5820 storvsc - ok
00:23:45.0988 5820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:23:45.0988 5820 swenum - ok
00:23:46.0019 5820 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:23:46.0035 5820 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
00:23:46.0035 5820 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
00:23:46.0050 5820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:23:46.0082 5820 swprv - ok
00:23:46.0160 5820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:23:46.0191 5820 SysMain - ok
00:23:46.0238 5820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:23:46.0253 5820 TabletInputService - ok
00:23:46.0269 5820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:23:46.0300 5820 TapiSrv - ok
00:23:46.0300 5820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:23:46.0331 5820 TBS - ok
00:23:46.0394 5820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:23:46.0456 5820 Tcpip - ok
00:23:46.0768 5820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:23:46.0815 5820 TCPIP6 - ok
00:23:46.0908 5820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:23:46.0940 5820 tcpipreg - ok
00:23:46.0955 5820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:23:46.0971 5820 TDPIPE - ok
00:23:46.0971 5820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:23:46.0986 5820 TDTCP - ok
00:23:47.0002 5820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:23:47.0033 5820 tdx - ok
00:23:47.0111 5820 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
00:23:47.0174 5820 TeamViewer7 - ok
00:23:47.0189 5820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:23:47.0205 5820 TermDD - ok
00:23:47.0236 5820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:23:47.0283 5820 TermService - ok
00:23:47.0283 5820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:23:47.0298 5820 Themes - ok
00:23:47.0298 5820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:23:47.0330 5820 THREADORDER - ok
00:23:47.0330 5820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:23:47.0361 5820 TrkWks - ok
00:23:47.0376 5820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:23:47.0408 5820 TrustedInstaller - ok
00:23:47.0408 5820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:23:47.0439 5820 tssecsrv - ok
00:23:47.0439 5820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:23:47.0454 5820 TsUsbFlt - ok
00:23:47.0454 5820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:23:47.0486 5820 tunnel - ok
00:23:47.0486 5820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:23:47.0501 5820 uagp35 - ok
00:23:47.0517 5820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:23:47.0548 5820 udfs - ok
00:23:47.0548 5820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:23:47.0564 5820 UI0Detect - ok
00:23:47.0564 5820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:23:47.0579 5820 uliagpkx - ok
00:23:47.0579 5820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:23:47.0595 5820 umbus - ok
00:23:47.0595 5820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:23:47.0610 5820 UmPass - ok
00:23:47.0610 5820 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:23:47.0626 5820 UmRdpService - ok
00:23:47.0642 5820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:23:47.0673 5820 upnphost - ok
00:23:47.0673 5820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:23:47.0688 5820 usbccgp - ok
00:23:47.0688 5820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:23:47.0704 5820 usbcir - ok
00:23:47.0704 5820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:23:47.0720 5820 usbehci - ok
00:23:47.0735 5820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:23:47.0751 5820 usbhub - ok
00:23:47.0751 5820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:23:47.0766 5820 usbohci - ok
00:23:47.0766 5820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:23:47.0782 5820 usbprint - ok
00:23:47.0782 5820 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:23:47.0798 5820 usbscan - ok
00:23:47.0798 5820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:23:47.0813 5820 USBSTOR - ok
00:23:47.0813 5820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:23:47.0813 5820 usbuhci - ok
00:23:47.0829 5820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:23:47.0844 5820 usbvideo - ok
00:23:47.0844 5820 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
00:23:47.0860 5820 usb_rndisx - ok
00:23:47.0860 5820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:23:47.0891 5820 UxSms - ok
00:23:47.0891 5820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:47.0907 5820 VaultSvc - ok
00:23:47.0922 5820 VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:23:47.0922 5820 VBoxDrv - ok
00:23:47.0938 5820 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:23:47.0938 5820 VBoxNetAdp - ok
00:23:47.0954 5820 VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:23:47.0969 5820 VBoxNetFlt - ok
00:23:47.0969 5820 VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:23:47.0985 5820 VBoxUSBMon - ok
00:23:47.0985 5820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:23:47.0985 5820 vdrvroot - ok
00:23:48.0016 5820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:23:48.0047 5820 vds - ok
00:23:48.0047 5820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:23:48.0063 5820 vga - ok
00:23:48.0063 5820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:23:48.0094 5820 VgaSave - ok
00:23:48.0110 5820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:23:48.0110 5820 vhdmp - ok
00:23:48.0110 5820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:23:48.0125 5820 viaide - ok
00:23:48.0125 5820 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:23:48.0141 5820 vmbus - ok
00:23:48.0141 5820 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:23:48.0156 5820 VMBusHID - ok
00:23:48.0156 5820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:23:48.0172 5820 volmgr - ok
00:23:48.0188 5820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:23:48.0203 5820 volmgrx - ok
00:23:48.0219 5820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:23:48.0219 5820 volsnap - ok
00:23:48.0234 5820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:23:48.0250 5820 vsmraid - ok
00:23:48.0297 5820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:23:48.0359 5820 VSS - ok
00:23:48.0375 5820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:23:48.0390 5820 vwifibus - ok
00:23:48.0390 5820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:23:48.0406 5820 vwififlt - ok
00:23:48.0422 5820 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:23:48.0422 5820 vwifimp - ok
00:23:48.0437 5820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:23:48.0484 5820 W32Time - ok
00:23:48.0484 5820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:23:48.0484 5820 WacomPen - ok
00:23:48.0500 5820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:48.0531 5820 WANARP - ok
00:23:48.0531 5820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:48.0562 5820 Wanarpv6 - ok
00:23:48.0609 5820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:23:48.0640 5820 WatAdminSvc - ok
00:23:48.0687 5820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:23:48.0718 5820 wbengine - ok
00:23:48.0765 5820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:23:48.0780 5820 WbioSrvc - ok
00:23:48.0780 5820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:23:48.0812 5820 wcncsvc - ok
00:23:48.0812 5820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:23:48.0812 5820 WcsPlugInService - ok
00:23:48.0827 5820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:23:48.0827 5820 Wd - ok
00:23:48.0858 5820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:23:48.0874 5820 Wdf01000 - ok
00:23:48.0874 5820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:23:48.0905 5820 WdiServiceHost - ok
00:23:48.0905 5820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:23:48.0921 5820 WdiSystemHost - ok
00:23:48.0936 5820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:23:48.0952 5820 WebClient - ok
00:23:48.0968 5820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:23:48.0999 5820 Wecsvc - ok
00:23:48.0999 5820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:23:49.0030 5820 wercplsupport - ok
00:23:49.0030 5820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:23:49.0061 5820 WerSvc - ok
00:23:49.0077 5820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:23:49.0092 5820 WfpLwf - ok
00:23:49.0108 5820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:23:49.0108 5820 WIMMount - ok
00:23:49.0108 5820 WinDefend - ok
00:23:49.0124 5820 WinHttpAutoProxySvc - ok
00:23:49.0139 5820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:23:49.0170 5820 Winmgmt - ok
00:23:49.0233 5820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:23:49.0295 5820 WinRM - ok
00:23:49.0326 5820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:23:49.0342 5820 WinUsb - ok
00:23:49.0373 5820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:23:49.0389 5820 Wlansvc - ok
00:23:49.0404 5820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:23:49.0404 5820 WmiAcpi - ok
00:23:49.0420 5820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:23:49.0436 5820 wmiApSrv - ok
00:23:49.0436 5820 WMPNetworkSvc - ok
00:23:49.0436 5820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:23:49.0451 5820 WPCSvc - ok
00:23:49.0451 5820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:23:49.0467 5820 WPDBusEnum - ok
00:23:49.0482 5820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:23:49.0498 5820 ws2ifsl - ok
00:23:49.0514 5820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
00:23:49.0529 5820 wscsvc - ok
00:23:49.0529 5820 WSearch - ok
00:23:49.0607 5820 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:23:49.0654 5820 wuauserv - ok
00:23:49.0685 5820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:23:49.0716 5820 WudfPf - ok
00:23:49.0716 5820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:23:49.0748 5820 WUDFRd - ok
00:23:49.0763 5820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:23:49.0779 5820 wudfsvc - ok
00:23:49.0794 5820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:23:49.0810 5820 WwanSvc - ok
00:23:49.0826 5820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:23:49.0950 5820 \Device\Harddisk0\DR0 - ok
00:23:49.0950 5820 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk1\DR1
00:23:50.0481 5820 \Device\Harddisk1\DR1 - ok
00:23:50.0481 5820 Boot (0x1200) (41a1bdb142e8397781a45140a3a0bd93) \Device\Harddisk0\DR0\Partition0
00:23:50.0481 5820 \Device\Harddisk0\DR0\Partition0 - ok
00:23:50.0496 5820 Boot (0x1200) (be1641007c329927017860a3ec6e6447) \Device\Harddisk0\DR0\Partition1
00:23:50.0496 5820 \Device\Harddisk0\DR0\Partition1 - ok
00:23:50.0496 5820 Boot (0x1200) (d6c6c3f695742d847e9f3cdc22694506) \Device\Harddisk1\DR1\Partition0
00:23:50.0496 5820 \Device\Harddisk1\DR1\Partition0 - ok
00:23:50.0496 5820 ============================================================
00:23:50.0496 5820 Scan finished
00:23:50.0496 5820 ============================================================
00:23:50.0512 5848 Detected object count: 3
00:23:50.0512 5848 Actual detected object count: 3
00:24:10.0371 5848 CrashPlanService ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:24:10.0371 5848 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:24:10.0371 5848 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
02.07.2012, 13:07
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 17:35
| #15 |
| | Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. ComboFix Log Code:
ATTFilter ComboFix 12-07-02.01 - Bloodhound5 02.07.2012 18:22:36.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3767.2210 [GMT 2:00]
ausgeführt von:: c:\users\Bloodhound5\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gema
c:\users\Bloodhound5\AppData\Local\assembly\tmp
c:\users\Bloodhound5\AppData\Roaming\AcroIEHelpe.txt
c:\users\Bloodhound5\AppData\Roaming\e269720948.prf
c:\users\Bloodhound5\AppData\Roaming\gema
c:\users\Bloodhound5\AppData\Roaming\srvblck2.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\jna4118871093722882315.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2012-07-02 16:27 . 2012-07-02 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 13:21 . 2012-07-01 22:30 -------- d-----w- c:\users\Bloodhound5\AppData\Roaming\Qaonp
2012-06-30 13:21 . 2012-07-01 22:25 -------- d-----w- c:\users\Bloodhound5\AppData\Roaming\Unekgy
2012-06-30 13:21 . 2012-06-30 13:21 -------- d-----w- c:\users\Bloodhound5\AppData\Roaming\Utop
2012-06-28 09:11 . 2012-06-28 09:11 -------- d-----w- C:\_OTL
2012-06-23 22:59 . 2012-06-23 22:59 -------- d-----w- c:\users\Bloodhound5\AppData\Local\Macromedia
2012-06-21 07:39 . 2012-06-21 07:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 07:39 . 2012-06-21 07:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 07:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 07:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 07:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 07:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 07:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 07:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 07:59 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 07:59 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 22:19 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 16:48 . 2012-06-13 16:48 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-06-12 15:14 . 2012-06-12 15:38 -------- d-----w- C:\mukke tob geb
2012-06-05 11:03 . 2012-06-05 11:07 -------- d-----w- c:\users\Bloodhound5\AppData\Local\Microsoft Games
2012-06-05 11:03 . 2012-06-05 11:03 -------- d-----w- c:\program files\Microsoft Games
2012-06-05 01:00 . 2012-06-05 01:00 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-05 01:00 . 2012-06-05 01:00 -------- d-----w- c:\windows\system32\Wat
2012-06-03 21:33 . 2012-06-03 21:33 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-06-03 21:32 . 2012-06-03 21:33 -------- d-----w- c:\program files (x86)\HTC
2012-06-03 21:32 . 2012-06-03 21:32 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-02 16:58 . 2012-06-02 16:58 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:28 . 2012-04-04 20:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 21:28 . 2011-12-26 12:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2012-04-01 22:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-01-06 147456]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19549320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
.
c:\users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 3002e;69p20cfih3.exe;c:\windows\system32\drivers\3002e.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-06 116096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38 153232 ---ha-w- c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:28]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-23 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-23 2040352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF10683.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02 18:31:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-02 16:31
.
Vor Suchlauf: 14 Verzeichnis(se), 40.655.998.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 39.987.224.576 Bytes frei
.
- - End Of File - - A66758E214FEF7AD31CCFC3870614E6E
|
|
| Themen zu Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. |
| adobe, bho, browser, combofix, document, explorer, fehlermeldung, firefox, firefox 13.0.1, flash player, format, google, google earth, helper, hängen, igdpmd64.sys, index, internet, logfile, mozilla, plug-in, programme, realtek, registry, scan, searchscopes, security, seiten, senden, software, spam, version=1.0, windows |
Button.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
