| |
| |||||||
Log-Analyse und Auswertung: EXP/0507.CN.2 - EXP/12-0507.DE - SecurityShield - TR/FakeAV.ashWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.06.2012, 18:16
| #1 |
| |  EXP/0507.CN.2 - EXP/12-0507.DE - SecurityShield - TR/FakeAV.ash Hallo liebe Community! Ich habe folgendes Problem. Vor zwei Tagen hab ich mir den Virus SecurityShield eingefangen, und ihn auch "erfolgreich" entfernt. 8Danke einer Anleitung im Board) Jedoch möchte ich nochmals sicher gehen, da mein Antivirus immer wieder einen Trojaner oder einen Exploit findet (siehe Titel). Ich habe meine PC soweit desinfiziert wie es mir möglich war, deshalb frage ich nochmal nach, ob jemand über die Logs schauen kann. ComboFix Code:
ATTFilter ComboFix 12-06-26.02 - Home 27.06.2012 11:02:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3955.2700 [GMT 2:00]
ausgeführt von:: c:\users\Home\Desktop\cf.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Update
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-27 bis 2012-06-27 ))))))))))))))))))))))))))))))
.
.
2012-06-27 09:10 . 2012-06-27 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 22:45 . 2012-06-25 22:45 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2012-06-25 22:45 . 2012-06-25 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 22:45 . 2012-06-25 22:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 22:45 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 14:13 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-23 14:13 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-23 14:13 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-23 14:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 14:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 14:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 14:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 14:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 14:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 14:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 14:09 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 14:09 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 19:26 . 2012-06-22 19:26 -------- d-----w- c:\users\Home\AppData\Roaming\Avira
2012-06-22 19:25 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-22 19:25 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-22 19:25 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-22 19:25 . 2012-06-22 19:25 -------- d-----w- c:\program files (x86)\Avira
2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-18 20:50 . 2012-06-18 20:50 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-06-18 20:49 . 2012-06-25 16:14 -------- d-----w- c:\users\Home\AppData\Roaming\FileZilla
2012-06-18 06:23 . 2012-06-18 06:25 -------- d-----w- c:\users\Home\AppData\Roaming\dvdcss
2012-06-14 06:51 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 07:02 . 2012-06-12 07:02 -------- d-----w- c:\users\Home\AppData\Local\Macromedia
2012-06-09 17:08 . 2012-06-26 19:21 -------- d-----w- c:\users\Home\AppData\Roaming\Skype
2012-06-09 17:08 . 2012-06-09 17:08 -------- d-----r- c:\program files (x86)\Skype
2012-06-09 17:08 . 2012-06-09 17:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-09 17:08 . 2012-06-24 18:29 -------- d-----w- c:\programdata\Skype
2012-06-07 19:35 . 2012-06-07 19:35 -------- d-----w- c:\programdata\AVS4YOU
2012-06-07 19:35 . 2012-06-07 19:35 -------- d-----w- c:\users\Home\AppData\Roaming\AVS4YOU
2012-06-07 19:35 . 2012-03-26 10:27 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-06-07 19:34 . 2010-11-12 18:18 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-06-07 19:34 . 2010-11-12 18:18 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-06-07 19:34 . 2012-06-19 21:46 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-06-03 16:49 . 2012-06-03 16:49 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-03 10:50 . 2010-09-17 09:13 548864 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-06-03 10:50 . 2012-06-03 10:50 -------- d-----w- c:\program files (x86)\Firebird
2012-06-03 10:49 . 2012-06-03 10:49 -------- d-----w- c:\program files (x86)\SpacialAudio
2012-06-02 20:26 . 2012-06-02 20:26 -------- d-----w- c:\users\Home\AppData\Local\backburner
2012-06-02 20:13 . 2012-06-02 20:13 -------- d-----w- c:\programdata\FLEXnet
2012-06-02 20:13 . 2012-06-02 20:28 -------- d-----w- c:\users\Home\AppData\Local\Autodesk
2012-06-02 19:53 . 2012-06-02 20:34 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-06-02 19:52 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-06-02 19:52 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-06-02 19:52 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-06-02 19:52 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-06-02 19:52 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-06-02 19:52 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-06-02 19:45 . 2012-06-02 20:34 -------- d-----w- c:\programdata\Autodesk
2012-06-02 19:45 . 2012-06-02 20:19 -------- d-----w- c:\users\Home\AppData\Roaming\Autodesk
2012-06-02 19:08 . 2012-06-22 11:13 -------- d-----w- c:\users\Home\AppData\Local\Akamai
2012-05-29 13:47 . 2012-05-29 13:47 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-29 13:39 . 2012-05-29 14:17 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-29 13:33 . 2012-06-02 16:40 -------- d-----w- c:\users\Home\AppData\Local\Adobe
2012-05-29 13:31 . 2012-05-29 20:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-29 06:44 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-05-28 21:03 . 2012-05-28 21:03 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 14:19 . 2012-05-20 15:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 14:19 . 2012-05-20 15:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 23:22 . 2012-05-24 23:22 17408 ----a-w- C:\psapi.dll
2012-05-23 19:36 . 2012-05-23 19:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-23 19:36 . 2012-05-23 19:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-23 19:36 . 2012-05-23 19:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-23 19:36 . 2012-05-23 19:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-23 19:36 . 2012-05-23 19:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-23 19:36 . 2012-05-23 19:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-23 19:36 . 2012-05-23 19:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-23 19:36 . 2012-05-23 19:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-23 19:36 . 2012-05-23 19:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-23 19:36 . 2012-05-23 19:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-23 19:36 . 2012-05-23 19:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-23 19:36 . 2012-05-23 19:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-23 19:36 . 2012-05-23 19:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-23 19:36 . 2012-05-23 19:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-23 19:36 . 2012-05-23 19:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-23 19:36 . 2012-05-23 19:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-23 19:36 . 2012-05-23 19:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-23 19:36 . 2012-05-23 19:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-23 19:36 . 2012-05-23 19:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-23 19:36 . 2012-05-23 19:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-23 19:36 . 2012-05-23 19:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-23 19:36 . 2012-05-23 19:36 448512 ----a-w- c:\windows\system32\html.iec
2012-05-23 19:36 . 2012-05-23 19:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-23 19:36 . 2012-05-23 19:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-23 19:36 . 2012-05-23 19:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-23 19:36 . 2012-05-23 19:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-23 19:36 . 2012-05-23 19:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-23 19:36 . 2012-05-23 19:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-23 19:36 . 2012-05-23 19:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-23 19:36 . 2012-05-23 19:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-23 19:36 . 2012-05-23 19:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-23 19:36 . 2012-05-23 19:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-20 19:14 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-19 03:57 . 2012-05-20 14:28 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-04 16:47 . 2012-05-20 13:43 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-20 13:43 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-21 01:13 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-24 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-23 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={2AB7CF88-F5A5-4BEC-B5F7-3EA29F87431A}&mid=4fa2deac949a47d096364c6fb6b52f59-e876bb3c8da3a73532191cb91557f503331d4dd4&lang=de&ds=st011&pr=sa&d=2012-05-20 16:29&v=11.1.0.7&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 195.34.133.22
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ugfz2ajd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=169ee24800000000000000264de2eea1
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=169ee24800000000000000264de2eea1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4092438412-184320586-3419942764-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6F0A333-4892-DA5C-4E18-5CB9F5EA4B3A}*]
"hahdmmbmpnlmjpcl"=hex:69,61,69,6f,6d,6a,65,63,61,6f,65,69,6d,64,68,6d,6d,6c,
00,00
"iajigbpdomdllmnlma"=hex:63,61,6f,62,62,6a,00,00
"iancapfpbofhahflbg"=hex:6a,61,6a,6f,62,6a,62,6e,6b,6b,70,65,6c,70,68,6b,70,65,
6b,66,00,00
"dbiobjaeghccdjjdcnakpabanbblhffjhcpbkfhd"=hex:68,61,63,66,6e,6b,66,70,67,6e,
66,67,62,64,65,66,00,00
"jbiobjaeghccdjjdcnakaceomegghlnfnablafbojkkepjpfedll"=hex:68,61,63,66,6e,6b,
66,70,67,6e,66,67,62,64,65,66,00,00
"dbiobjaeghccdjjdcnakoombfocngipbkcpaafph"=hex:6a,61,68,62,70,6a,66,6f,6b,69,
63,65,65,69,6c,6e,67,6c,65,6d,00,fb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-27 11:25:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-27 09:25
.
Vor Suchlauf: 6 Verzeichnis(se), 203.409.534.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 203.079.630.848 Bytes frei
.
- - End Of File - - E66790CDD1B38D35290BD466FB9A117B
Code:
ATTFilter OTL logfile created on: 27.06.2012 19:00:42 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Home\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,63% Memory free 7,72 Gb Paging File | 5,48 Gb Available in Paging File | 70,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 188,87 Gb Free Space | 81,10% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 232,37 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={2AB7CF88-F5A5-4BEC-B5F7-3EA29F87431A}&mid=4fa2deac949a47d096364c6fb6b52f59-e876bb3c8da3a73532191cb91557f503331d4dd4&lang=de&ds=st011&pr=sa&d=2012-05-20 16:29:14&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 9C 9A 49 69 36 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=169ee24800000000000000264de2eea1 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2AB7CF88-F5A5-4BEC-B5F7-3EA29F87431A}&mid=4fa2deac949a47d096364c6fb6b52f59-e876bb3c8da3a73532191cb91557f503331d4dd4&lang=de&ds=st011&pr=sa&d=2012-05-20 16:29:14&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=169ee24800000000000000264de2eea1" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=169ee24800000000000000264de2eea1&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 19:56:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.20 11:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions [2012.06.26 01:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\ugfz2ajd.default\extensions [2012.06.26 01:09:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\ugfz2ajd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.19 19:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.24 20:29:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.26 01:09:18 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UGFZ2AJD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.26 01:09:19 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UGFZ2AJD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.20 16:29:11 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.05.24 13:55:57 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0627A03C-96E2-464A-991D-ABCBED9B0E07}: DhcpNameServer = 195.34.133.21 195.34.133.22 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{89739ABB-45C8-46F1-A561-761BEE2521A6} [2012.06.27 12:15:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{82B41B28-4BED-4067-BAA2-27ACA7A13BD0} [2012.06.27 11:25:24 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.27 11:12:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.06.27 10:59:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.27 10:59:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.27 10:59:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.27 10:58:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.27 10:58:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.06.27 10:57:08 | 004,569,121 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\cf.exe [2012.06.26 21:50:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E5A1E229-EA76-414E-BFA1-262225C4E217} [2012.06.26 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{736A0126-0A17-4DE1-82C9-0CDE53C4DE47} [2012.06.26 00:46:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\HostsXpert [2012.06.26 00:45:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes [2012.06.26 00:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.26 00:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.26 00:45:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.26 00:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.25 23:46:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{55061BCB-DD45-4A02-97AC-8CFA4DF80BB2} [2012.06.25 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FFC38FD8-B75B-42CB-A98F-3EEA9A79E12F} [2012.06.25 09:23:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6622C605-BF49-475F-8FFE-2CE269ED815F} [2012.06.24 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FFADCB59-E3D4-408E-B36D-EC0FD72F8948} [2012.06.24 21:42:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B634CB54-6A18-47ED-9801-45CB9C74E28A} [2012.06.23 16:13:51 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.06.23 16:10:25 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 16:10:25 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 16:10:25 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 16:10:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 16:10:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 16:10:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 16:09:47 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 16:09:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.22 21:26:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Avira [2012.06.22 21:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.22 21:25:08 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.22 21:25:08 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.22 21:25:08 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.22 21:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.22 13:15:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F3CFFE05-D1A6-4B3D-AC12-EB6B04EED0BE} [2012.06.22 13:15:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E316398E-22E9-401B-9DCE-5651253BF45D} [2012.06.20 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4528C24A-8910-4DCF-A313-FA6966981FC4} [2012.06.20 20:49:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1318C3E3-16A4-4F4A-B50F-82C7582C1025} [2012.06.19 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Dominik [2012.06.19 19:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.19 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EE8C99B6-50B3-45C3-95EE-8EEA83473C7F} [2012.06.19 19:41:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0F5ABA50-C8A6-4561-9CBF-03FC05FB6D8C} [2012.06.18 22:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.06.18 22:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012.06.18 22:49:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\FileZilla [2012.06.18 08:23:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\dvdcss [2012.06.16 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{57B48093-610D-4DBD-A553-BAD5C5B7E9FD} [2012.06.15 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{44476619-3427-4509-902E-225A2E84EC64} [2012.06.14 10:58:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 10:58:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 10:58:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 10:58:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 10:58:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 10:58:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 10:58:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 10:58:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 10:57:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 10:57:58 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 10:57:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 10:57:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 10:57:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 08:51:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 08:51:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 08:51:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 08:51:16 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 08:51:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 08:51:15 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 08:51:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.06.14 08:51:09 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.14 08:51:03 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 08:51:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.14 01:26:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{825DF734-B9EC-45D4-BB71-6A8741E5BB23} [2012.06.14 01:26:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BE1E081F-53E1-41DD-9FC3-9CDC52ADCF7C} [2012.06.12 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Firma [2012.06.12 18:41:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{84D69E3E-E049-481C-8409-8E548567B5E2} [2012.06.12 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BFA1861E-F929-4D51-B764-C7D039F95CDA} [2012.06.12 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Macromedia [2012.06.11 17:43:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F5EA575F-CDFA-4822-82BF-0F6706EFA7CD} [2012.06.11 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FCEA26BB-FAE0-4910-8FB7-E24973E92D03} [2012.06.09 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Skype [2012.06.09 19:08:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.06.09 19:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.06.09 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.06.09 19:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.06.07 21:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012.06.07 21:35:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AVS4YOU [2012.06.07 21:35:01 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2012.06.07 21:34:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2012.06.07 21:34:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2012.06.07 21:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012.06.03 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Outlook-Dateien [2012.06.03 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2EB9375B-EA1F-4905-ADFA-1DAF36AA7D24} [2012.06.03 21:09:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38AD7CB4-F19D-4C43-A7BF-AB7C38BE5C27} [2012.06.03 18:49:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2012.06.03 12:50:17 | 000,548,864 | ---- | C] (Firebird Project) -- C:\Windows\SysWow64\GDS32.DLL [2012.06.03 12:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) [2012.06.03 12:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firebird [2012.06.03 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster [2012.06.03 12:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpacialAudio [2012.06.02 22:26:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\backburner [2012.06.02 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.06.02 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Autodesk [2012.06.02 22:08:12 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Inventor Server x64 3dsMax [2012.06.02 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Inventor Server x64 Direct Connect [2012.06.02 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\3dsMax [2012.06.02 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012.06.02 21:52:39 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2012.06.02 21:52:39 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2012.06.02 21:52:39 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2012.06.02 21:52:39 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2012.06.02 21:52:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2012.06.02 21:52:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2012.06.02 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.06.02 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Autodesk [2012.06.02 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012.06.02 21:08:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Akamai [2012.06.02 18:20:43 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Multiverse Tools [2012.06.02 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\Home\My Documents [2012.06.02 18:17:12 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Multiverse World Browser [2012.06.01 13:36:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A1478F58-DEC6-4D12-BF83-266900FC8ACD} [2012.05.29 20:43:11 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Claudia Musik [2012.05.29 15:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.05.29 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.05.29 15:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.05.29 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Adobe [2012.05.29 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.05.29 15:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.05.29 08:45:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012.05.29 08:45:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012.05.29 08:45:07 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012.05.29 08:45:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012.05.29 08:45:07 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012.05.29 08:45:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012.05.29 08:45:06 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2012.05.29 08:45:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2012.05.29 08:45:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2012.05.29 08:45:06 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2012.05.29 08:45:06 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2012.05.29 08:45:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2012.05.29 08:45:03 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2012.05.29 08:45:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2012.05.29 08:45:01 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2012.05.29 08:45:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2012.05.29 08:45:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2012.05.29 08:45:01 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2012.05.29 08:45:00 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2012.05.29 08:45:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2012.05.29 08:44:59 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2012.05.29 08:44:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2012.05.29 08:44:59 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2012.05.29 08:44:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2012.05.29 08:44:59 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2012.05.29 08:44:59 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2012.05.29 08:44:58 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2012.05.29 08:44:58 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2012.05.29 08:44:57 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2012.05.29 08:44:57 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2012.05.29 08:44:54 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2012.05.29 08:44:54 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2012.05.29 08:44:54 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2012.05.29 08:44:54 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2012.05.29 08:44:53 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2012.05.29 08:44:53 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2012.05.29 08:44:53 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2012.05.29 08:44:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2012.05.29 08:44:50 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2012.05.29 08:44:50 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2012.05.29 08:44:50 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2012.05.29 08:44:50 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2012.05.29 08:44:49 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2012.05.29 08:44:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2012.05.29 08:44:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2012.05.29 08:44:49 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2012.05.29 08:44:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2012.05.29 08:44:49 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2012.05.29 08:44:49 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2012.05.29 08:44:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2012.05.29 08:44:49 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2012.05.29 08:44:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2012.05.29 08:44:48 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2012.05.29 08:44:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.05.29 08:44:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2012.05.29 08:44:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.05.29 08:44:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2012.05.29 08:44:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.05.29 08:44:47 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2012.05.29 08:44:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2012.05.29 08:44:47 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2012.05.29 08:44:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2012.05.29 08:44:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2012.05.29 08:44:45 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2012.05.29 08:44:45 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2012.05.29 08:44:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2012.05.29 08:44:43 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2012.05.29 08:44:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2012.05.29 08:44:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2012.05.29 08:44:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2012.05.29 08:44:42 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2012.05.29 08:44:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2012.05.29 08:44:41 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2012.05.29 08:44:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2012.05.29 08:44:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2012.05.29 08:44:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2012.05.29 08:44:39 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2012.05.29 08:44:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2012.05.29 08:44:39 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2012.05.29 08:44:39 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2012.05.29 08:44:39 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2012.05.29 08:44:39 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2012.05.29 08:44:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2012.05.29 08:44:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2012.05.29 08:44:37 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2012.05.29 08:44:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2012.05.29 08:44:33 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2012.05.29 08:44:33 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2012.05.29 08:44:33 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2012.05.29 08:44:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2012.05.29 08:44:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2012.05.29 08:44:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2012.05.29 08:44:31 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2012.05.29 08:44:31 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2012.05.29 08:44:31 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2012.05.29 08:44:31 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2012.05.29 08:44:31 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2012.05.29 08:44:31 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2012.05.29 08:44:30 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012.05.29 08:44:30 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012.05.29 08:44:29 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2012.05.29 08:44:29 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2012.05.29 08:44:29 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2012.05.29 08:44:29 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2012.05.29 08:44:28 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2012.05.29 08:44:28 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2012.05.29 08:44:28 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2012.05.29 08:44:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2012.05.29 08:44:27 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2012.05.29 08:44:27 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2012.05.29 08:44:24 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2012.05.29 08:44:24 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2012.05.29 08:44:23 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2012.05.29 08:44:23 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2012.05.29 08:44:23 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2012.05.29 08:44:23 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2012.05.29 08:44:21 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2012.05.29 08:44:21 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2012.05.29 08:44:19 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2012.05.29 08:44:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2012.05.29 08:44:16 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2012.05.29 08:44:16 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2012.05.29 08:44:13 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2012.05.29 08:44:13 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2012.05.29 08:44:13 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2012.05.29 08:44:13 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2012.05.29 08:44:11 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2012.05.29 08:44:11 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2012.05.29 08:44:11 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2012.05.29 08:44:11 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2012.05.29 08:44:11 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2012.05.29 08:44:11 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2012.05.29 08:44:09 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2012.05.29 08:44:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2012.05.29 08:44:09 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2012.05.29 08:44:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012.05.29 08:44:07 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2012.05.29 08:44:07 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2012.05.29 08:44:06 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2012.05.29 08:44:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012.05.29 08:44:04 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2012.05.29 08:44:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2012.05.29 08:43:55 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012.05.29 08:43:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012.05.29 08:43:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2012.05.29 08:43:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2012.05.29 08:43:52 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2012.05.29 08:43:52 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2012.05.29 08:43:52 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2012.05.29 08:43:52 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2012.05.29 08:43:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2012.05.29 08:43:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2012.05.29 08:43:50 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2012.05.29 08:43:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2012.05.29 08:43:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2012.05.29 08:43:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2012.05.29 08:43:48 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2012.05.29 08:43:48 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2012.05.29 08:43:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2012.05.29 08:43:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2012.05.29 08:40:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.05.28 23:03:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 18:21:54 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 18:21:54 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 18:19:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.27 18:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.27 18:13:58 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2012.06.27 10:57:49 | 004,569,121 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\cf.exe [2012.06.26 00:59:30 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.26 00:59:30 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.26 00:59:30 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.26 00:59:30 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.26 00:59:30 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.23 16:19:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.23 16:19:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.22 21:25:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.22 13:17:27 | 000,002,397 | ---- | M] () -- C:\Users\Home\Desktop\Tchibo Aktionskalender 2012_SIG - Verknüpfung.lnk [2012.06.19 23:44:19 | 000,002,000 | -H-- | M] () -- C:\Users\Home\Documents\Default.rdp [2012.06.19 19:56:41 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.19 13:44:03 | 004,968,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 00:43:26 | 000,000,000 | ---- | M] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-13 00_43_26.093309.dmp [2012.06.13 00:43:26 | 000,000,000 | ---- | M] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-13 00_43_26.092309.dmp [2012.06.03 21:32:49 | 000,000,000 | ---- | M] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-03 21_32_49.670266.dmp [2012.06.03 17:06:36 | 000,000,000 | ---- | M] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-03 17_06_36.259820.dmp [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.05.29 22:51:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.27 10:59:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.06.27 10:59:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.06.27 10:59:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.06.27 10:59:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.06.27 10:59:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.06.22 21:25:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.22 13:17:27 | 000,002,397 | ---- | C] () -- C:\Users\Home\Desktop\Tchibo Aktionskalender 2012_SIG - Verknüpfung.lnk [2012.06.19 19:56:41 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.19 19:56:41 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.13 00:43:26 | 000,000,000 | ---- | C] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-13 00_43_26.093309.dmp [2012.06.13 00:43:26 | 000,000,000 | ---- | C] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-13 00_43_26.092309.dmp [2012.06.03 21:32:49 | 000,000,000 | ---- | C] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-03 21_32_49.670266.dmp [2012.06.03 17:06:36 | 000,000,000 | ---- | C] () -- C:\Users\Home\Documents\ts3_clientui-win64-1334913258-2012-06-03 17_06_36.259820.dmp [2012.05.29 22:51:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.29 22:51:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.21 02:10:50 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.20 12:01:58 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.20 11:05:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.06.17 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft [2012.06.02 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Autodesk [2012.05.24 13:55:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Babylon [2012.06.25 18:14:32 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FileZilla [2012.05.24 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Notepad++ [2012.05.20 16:33:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PowerISO [2012.06.17 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Spotify [2012.05.20 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Toshiba [2012.06.21 12:01:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client [2012.05.20 11:31:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch [2012.06.03 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer [2009.07.14 07:08:49 | 000,023,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1EDB939 < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.06.2012 19:00:42 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Home\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,63% Memory free
7,72 Gb Paging File | 5,48 Gb Available in Paging File | 70,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 188,87 Gb Free Space | 81,10% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 232,37 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25A790B0-267B-4AAC-A270-48E9464A06D0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF0F0DE4-E2A3-4EDA-92D8-D95CFD638CEF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FC57E79E-620F-4D25-837B-1E8A6BF08309}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E6086FF-86EF-487F-99B2-55102B5B4156}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{25DE0C1C-8865-444F-8997-E560B44D8C41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D0F96E6-6590-4723-989A-CFFC9C1AEDB4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6FE511D3-CE15-489F-8D74-A0B9988F783F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{987011FC-2450-4F33-87B5-D1635119DC0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9FF87D49-90F5-4237-B008-BA412508D73F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BF074AD0-A9CF-4892-9D13-6B2A9679C555}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1A71FCCF-3817-40BF-B95B-DA37F2263A23}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{3153DAA2-B389-4759-B5F9-C82FC1429738}C:\users\home\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
"TCP Query User{792A4E04-F4EA-4258-A350-04CB91AD5171}C:\users\home\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B56D119A-A8B9-439F-A6A4-8F67D38A41AE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{EE90507F-033C-40EC-8460-22002B1C35FA}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
"TCP Query User{FEA8B8B5-A7C9-42CC-8009-6F9DAA5E1667}C:\users\home\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\spotify\spotify.exe |
"UDP Query User{58552948-EE9B-4513-9012-0DC509F0A817}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{64580706-D7E0-442D-AAF2-CA05C319515C}C:\users\home\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A8A6A677-1A4A-407A-9282-74ACE14CA7D8}C:\users\home\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B62CE8EC-7363-405D-A4F1-AE168BC728A9}C:\users\home\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DF7D4881-94D0-4770-A344-60139C3B827B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{F49EA48C-A8FE-492E-820F-CDAC371C16FF}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511D88E4-9922-4DB0-BA3A-F51D24172239}" = bob internet
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"CloneDVD2" = CloneDVD2
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"SAM3" = SAM Broadcaster v4
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2012 15:01:21 | Computer Name = PC-Home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.9.0.123, Zeitstempel:
0x4fce1530 Name des fehlerhaften Moduls: Skype.exe, Version: 5.9.0.123, Zeitstempel:
0x4fce1530 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00703b94 ID des fehlerhaften Prozesses:
0x7f4 Startzeit der fehlerhaften Anwendung: 0x01cd52e14b8fdda4 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Skype\Phone\Skype.exe Berichtskennung: 267f2063-bef8-11e1-b136-f92e5a5ff4f3
Error - 25.06.2012 18:41:38 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 18:54:42 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 20:08:10 | Computer Name = PC-Home | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 180 Startzeit: 01cd532fa549a2e0 Endzeit: 38 Anwendungspfad:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: ef759acd-bf22-11e1-b6af-88959a04a1ab
Error - 26.06.2012 04:23:48 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 26.06.2012 17:03:40 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 04:37:47 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 05:13:57 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 05:59:34 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 12:15:54 | Computer Name = PC-Home | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.06.2012 05:12:08 | Computer Name = PC-Home | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 27.06.2012 05:12:08 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.06.2012 05:12:17 | Computer Name = PC-Home | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%126
Error - 27.06.2012 05:44:06 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.06.2012 05:57:45 | Computer Name = PC-Home | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 27.06.2012 05:57:45 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.06.2012 06:34:09 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.06.2012 06:58:05 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.06.2012 12:14:02 | Computer Name = PC-Home | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 27.06.2012 12:14:02 | Computer Name = PC-Home | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
 Geändert von Iwasaka (27.06.2012 um 18:37 Uhr) |
|
29.06.2012, 21:38
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | EXP/0507.CN.2 - EXP/12-0507.DE - SecurityShield - TR/FakeAV.ash Warum hast du Combofix ausgeführt?
__________________
__________________ |
|
| Themen zu EXP/0507.CN.2 - EXP/12-0507.DE - SecurityShield - TR/FakeAV.ash |
| 2.0.7, acrobat update, alternate, antivirus, autorun, avira, bho, cid, combofix, desktop, document, exp/0507.cn.2, exp/12-0507.de, firefox, firefox 13.0.1, flash player, frage, helper, home, langs, logfile, microsoft office word, mozilla, nodrives, object, plug-in, prozesse, realtek, registry, scan, search the web, searchscopes, securityshield, senden, siehe titel, software, spotify web helper, system, trojaner, version=1.0, virus, windows |
Linear-Darstellung
