Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mystar incredybar löschen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.12.2012, 18:44   #1
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Hey Leute bin relativ neu und habe wie viele auch das problem mit der Mystar Incredybar deswegen bin ich auf eure seite gekommen. hab dan auch nach eurer anleitung gemacht angefangen allerdings nach dem scan zeigte er einfach an das nichts infiziert ist:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

02.12.2012 10:17:51
mbam-log-2012-12-02 (10-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483721
Laufzeit: 1 Stunde(n), 45 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich benutze Google Chrome auf Windows Vista
ich hoffe ihr könnt mir weiterhelfen ;D

Alt 03.12.2012, 15:40   #2
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von DeFogger,
  • die Logdatei von aswMBR,
  • die Logdatei von TDSSKiller.
__________________

__________________

Alt 03.12.2012, 17:11   #3
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Danke für deine Antwort
Da die Dateien zu gros sind um beide in eins zu schreiben mach ich zwei antworten draus ich hoffe das ist nicht schlimm.
1 OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.12.2012 16:57:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free
8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4812_1&babsrc=HP_ss&mntrId=e0acb527000000000000001f3f08cbc1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\
CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper
[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft
[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler
[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8
[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU
[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung
[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken
[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla
[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf
[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >
         
--- --- ---
__________________

Alt 03.12.2012, 17:17   #4
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



2 Extra:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.12.2012 16:57:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free
8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Claro Search
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\
CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper
[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft
[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler
[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8
[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU
[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung
[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken
[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla
[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf
[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >
         
--- --- ---

Alt 03.12.2012, 17:19   #5
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



2 EXTRA:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.12.2012 16:57:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free
8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Claro Search
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\
CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun
O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun
O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon
[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper
[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft
[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler
[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8
[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU
[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung
[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken
[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla
[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk
[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf
[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >
         
--- --- ---


Alt 03.12.2012, 17:21   #6
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Sry das das so oft gepostet wurde weis net warum -.-

Hier noch die defrogger sachen:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:27 on 03/12/2012 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Geändert von Nirobe (03.12.2012 um 17:34 Uhr)

Alt 03.12.2012, 19:34   #7
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Servus,


fehlen noch aswMBr und TDSSKiller.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 03.12.2012, 20:24   #8
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Schritt 3:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-03 17:36:24
-----------------------------
17:36:24.162 OS Version: Windows x64 6.0.6002 Service Pack 2
17:36:24.162 Number of processors: 4 586 0x203
17:36:24.162 ComputerName: JAN-PC UserName: Jan
17:36:28.998 Initialize success
17:40:10.462 AVAST engine defs: 12120200
17:40:21.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:40:21.016 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715404MB BusType: 3
17:40:21.059 Disk 0 MBR read successfully
17:40:21.062 Disk 0 MBR scan
17:40:21.067 Disk 0 Windows VISTA default MBR code
17:40:21.083 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 707401 MB offset 2048
17:40:21.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8000 MB offset 1448761344
17:40:21.199 Disk 0 scanning C:\Windows\system32\drivers
17:40:33.479 Service scanning
17:40:54.817 Modules scanning
17:40:54.824 Disk 0 trace - called modules:
17:40:54.838 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:40:54.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061b4790]
17:40:54.846 3 CLASSPNP.SYS[fffffa6000dc7c33] -> nt!IofCallDriver -> [0xfffffa800492d520]
17:40:54.853 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004993940]
17:40:58.709 AVAST engine scan C:\Windows
17:41:04.970 AVAST engine scan C:\Windows\system32
17:45:53.673 AVAST engine scan C:\Windows\system32\drivers
17:46:15.094 AVAST engine scan C:\Users\Jan
18:14:49.500 AVAST engine scan C:\ProgramData
18:15:56.850 Scan finished successfully
20:22:58.014 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
20:22:58.019 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

Schritt 4:
20:25:27.0145 1980 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:25:27.0330 1980 ============================================================
20:25:27.0330 1980 Current date / time: 2012/12/03 20:25:27.0330
20:25:27.0330 1980 SystemInfo:
20:25:27.0330 1980
20:25:27.0330 1980 OS Version: 6.0.6002 ServicePack: 2.0
20:25:27.0330 1980 Product type: Workstation
20:25:27.0330 1980 ComputerName: JAN-PC
20:25:27.0330 1980 UserName: Jan
20:25:27.0330 1980 Windows directory: C:\Windows
20:25:27.0330 1980 System windows directory: C:\Windows
20:25:27.0330 1980 Running under WOW64
20:25:27.0330 1980 Processor architecture: Intel x64
20:25:27.0330 1980 Number of processors: 4
20:25:27.0330 1980 Page size: 0x1000
20:25:27.0330 1980 Boot type: Normal boot
20:25:27.0330 1980 ============================================================
20:25:28.0235 1980 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:28.0259 1980 ============================================================
20:25:28.0259 1980 \Device\Harddisk0\DR0:
20:25:28.0260 1980 MBR partitions:
20:25:28.0260 1980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x565A4FF8
20:25:28.0260 1980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x565A5800, BlocksNum 0xFA0000
20:25:28.0260 1980 ============================================================
20:25:28.0283 1980 C: <-> \Device\Harddisk0\DR0\Partition1
20:25:28.0315 1980 D: <-> \Device\Harddisk0\DR0\Partition2
20:25:28.0315 1980 ============================================================
20:25:28.0315 1980 Initialize success
20:25:28.0315 1980 ============================================================
20:25:31.0627 2220 ============================================================
20:25:31.0627 2220 Scan started
20:25:31.0627 2220 Mode: Manual;
20:25:31.0627 2220 ============================================================
20:25:32.0941 2220 ================ Scan system memory ========================
20:25:32.0941 2220 System memory - ok
20:25:32.0942 2220 ================ Scan services =============================
20:25:33.0138 2220 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:25:33.0140 2220 ACPI - ok
20:25:33.0172 2220 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:25:33.0181 2220 adp94xx - ok
20:25:33.0194 2220 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:25:33.0200 2220 adpahci - ok
20:25:33.0209 2220 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:25:33.0210 2220 adpu160m - ok
20:25:33.0217 2220 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:25:33.0219 2220 adpu320 - ok
20:25:33.0257 2220 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:25:33.0258 2220 AeLookupSvc - ok
20:25:33.0324 2220 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
20:25:33.0331 2220 AFD - ok
20:25:33.0610 2220 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:25:33.0612 2220 agp440 - ok
20:25:33.0623 2220 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:25:33.0625 2220 aic78xx - ok
20:25:33.0759 2220 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
20:25:33.0759 2220 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
20:25:33.0768 2220 Akamai ( HiddenFile.Multi.Generic ) - warning
20:25:33.0768 2220 Akamai - detected HiddenFile.Multi.Generic (1)
20:25:33.0779 2220 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
20:25:33.0781 2220 ALG - ok
20:25:33.0794 2220 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
20:25:33.0795 2220 aliide - ok
20:25:33.0808 2220 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
20:25:33.0808 2220 amdide - ok
20:25:33.0821 2220 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:25:33.0822 2220 AmdK8 - ok
20:25:33.0851 2220 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
20:25:33.0852 2220 androidusb - ok
20:25:33.0913 2220 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:25:33.0915 2220 AntiVirSchedulerService - ok
20:25:33.0948 2220 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:25:33.0950 2220 AntiVirService - ok
20:25:33.0969 2220 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
20:25:33.0971 2220 Appinfo - ok
20:25:33.0975 2220 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
20:25:33.0977 2220 arc - ok
20:25:34.0003 2220 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:25:34.0005 2220 arcsas - ok
20:25:34.0029 2220 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:25:34.0030 2220 AsyncMac - ok
20:25:34.0054 2220 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
20:25:34.0055 2220 atapi - ok
20:25:34.0092 2220 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:25:34.0096 2220 atksgt - ok
20:25:34.0137 2220 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:25:34.0142 2220 AudioEndpointBuilder - ok
20:25:34.0149 2220 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:25:34.0152 2220 AudioSrv - ok
20:25:34.0164 2220 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:25:34.0164 2220 avgntflt - ok
20:25:34.0172 2220 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:25:34.0175 2220 avipbb - ok
20:25:34.0188 2220 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:25:34.0189 2220 avkmgr - ok
20:25:34.0217 2220 [ D1A9AE485FFF7C72CA50D8949B2210B9 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
20:25:34.0222 2220 AVM WLAN Connection Service - ok
20:25:34.0234 2220 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
20:25:34.0235 2220 avmeject - ok
20:25:34.0270 2220 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
20:25:34.0278 2220 BFE - ok
20:25:34.0321 2220 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
20:25:34.0339 2220 BITS - ok
20:25:34.0351 2220 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:25:34.0351 2220 blbdrive - ok
20:25:34.0385 2220 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:25:34.0387 2220 bowser - ok
20:25:34.0398 2220 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:25:34.0399 2220 BrFiltLo - ok
20:25:34.0410 2220 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:25:34.0410 2220 BrFiltUp - ok
20:25:34.0434 2220 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
20:25:34.0435 2220 Browser - ok
20:25:34.0447 2220 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
20:25:34.0450 2220 Brserid - ok
20:25:34.0465 2220 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:25:34.0466 2220 BrSerWdm - ok
20:25:34.0479 2220 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:25:34.0480 2220 BrUsbMdm - ok
20:25:34.0494 2220 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:25:34.0495 2220 BrUsbSer - ok
20:25:34.0505 2220 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:25:34.0506 2220 BTHMODEM - ok
20:25:34.0525 2220 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:25:34.0528 2220 cdfs - ok
20:25:34.0566 2220 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:25:34.0568 2220 cdrom - ok
20:25:34.0573 2220 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
20:25:34.0574 2220 CertPropSvc - ok
20:25:34.0582 2220 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
20:25:34.0584 2220 circlass - ok
20:25:34.0614 2220 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
20:25:34.0621 2220 CLFS - ok
20:25:34.0665 2220 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:25:34.0667 2220 clr_optimization_v2.0.50727_32 - ok
20:25:34.0719 2220 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:25:34.0721 2220 clr_optimization_v2.0.50727_64 - ok
20:25:34.0804 2220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:25:34.0807 2220 clr_optimization_v4.0.30319_32 - ok
20:25:34.0837 2220 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:25:34.0840 2220 clr_optimization_v4.0.30319_64 - ok
20:25:34.0848 2220 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:25:34.0849 2220 cmdide - ok
20:25:34.0861 2220 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:25:34.0863 2220 Compbatt - ok
20:25:34.0866 2220 COMSysApp - ok
20:25:34.0884 2220 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:25:34.0884 2220 crcdisk - ok
20:25:34.0912 2220 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:25:34.0916 2220 CryptSvc - ok
20:25:34.0956 2220 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:25:34.0968 2220 DcomLaunch - ok
20:25:34.0979 2220 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:25:34.0981 2220 DfsC - ok
20:25:35.0038 2220 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
20:25:35.0089 2220 DFSR - ok
20:25:35.0125 2220 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:25:35.0128 2220 Dhcp - ok
20:25:35.0152 2220 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
20:25:35.0153 2220 disk - ok
20:25:35.0183 2220 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:25:35.0184 2220 Dnscache - ok
20:25:35.0212 2220 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
20:25:35.0216 2220 dot3svc - ok
20:25:35.0240 2220 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
20:25:35.0243 2220 DPS - ok
20:25:35.0269 2220 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:25:35.0270 2220 drmkaud - ok
20:25:35.0321 2220 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:25:35.0325 2220 dtsoftbus01 - ok
20:25:35.0370 2220 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:25:35.0382 2220 DXGKrnl - ok
20:25:35.0410 2220 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
20:25:35.0414 2220 E1G60 - ok
20:25:35.0427 2220 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
20:25:35.0430 2220 EapHost - ok
20:25:35.0454 2220 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
20:25:35.0455 2220 Ecache - ok
20:25:35.0501 2220 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:25:35.0507 2220 ehRecvr - ok
20:25:35.0512 2220 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
20:25:35.0513 2220 ehSched - ok
20:25:35.0526 2220 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
20:25:35.0528 2220 ehstart - ok
20:25:35.0547 2220 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:25:35.0554 2220 elxstor - ok
20:25:35.0571 2220 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:25:35.0575 2220 EMDMgmt - ok
20:25:35.0584 2220 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:25:35.0585 2220 ErrDev - ok
20:25:35.0617 2220 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
20:25:35.0623 2220 EventSystem - ok
20:25:35.0647 2220 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
20:25:35.0651 2220 exfat - ok
20:25:35.0663 2220 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:25:35.0667 2220 fastfat - ok
20:25:35.0694 2220 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:25:35.0695 2220 fdc - ok
20:25:35.0704 2220 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
20:25:35.0705 2220 fdPHost - ok
20:25:35.0719 2220 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
20:25:35.0720 2220 FDResPub - ok
20:25:35.0731 2220 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:25:35.0733 2220 FileInfo - ok
20:25:35.0746 2220 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:25:35.0746 2220 Filetrace - ok
20:25:35.0831 2220 [ 7E76EED28B8B8696B7F7ED5F757AA304 ] FileZillaServer c:\xampp\FileZillaFTP\FileZillaServer.exe
20:25:35.0844 2220 FileZillaServer - ok
20:25:35.0877 2220 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:25:35.0878 2220 flpydisk - ok
20:25:35.0895 2220 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:25:35.0897 2220 FltMgr - ok
20:25:36.0096 2220 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
20:25:36.0655 2220 FontCache - ok
20:25:36.0698 2220 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:25:36.0699 2220 FontCache3.0.0.0 - ok
20:25:36.0718 2220 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:25:36.0719 2220 Fs_Rec - ok
20:25:36.0755 2220 [ 630CB27253EA63BB0990C40C72BFCFE1 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys
20:25:36.0764 2220 fwlanusbn - ok
20:25:36.0777 2220 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:25:36.0779 2220 gagp30kx - ok
20:25:36.0814 2220 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
20:25:36.0824 2220 gpsvc - ok
20:25:36.0887 2220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:25:36.0888 2220 gupdate - ok
20:25:36.0892 2220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:25:36.0893 2220 gupdatem - ok
20:25:36.0926 2220 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:25:36.0928 2220 hamachi - ok
20:25:36.0982 2220 [ D483DBAEF409E8AB7477C28615FCD853 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:25:37.0028 2220 Hamachi2Svc - ok
20:25:37.0078 2220 [ 49FF998B490B4AEF6C71A669FD10F09B ] hcmon C:\Windows\system32\drivers\hcmon.sys
20:25:37.0079 2220 hcmon - ok
20:25:37.0129 2220 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:25:37.0139 2220 HdAudAddService - ok
20:25:37.0194 2220 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:25:37.0205 2220 HDAudBus - ok
20:25:37.0219 2220 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:25:37.0220 2220 HidBth - ok
20:25:37.0233 2220 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:25:37.0233 2220 HidIr - ok
20:25:37.0245 2220 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
20:25:37.0246 2220 hidserv - ok
20:25:37.0260 2220 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:25:37.0261 2220 HidUsb - ok
20:25:37.0282 2220 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
20:25:37.0285 2220 hkmsvc - ok
20:25:37.0313 2220 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:25:37.0315 2220 HpCISSs - ok
20:25:37.0343 2220 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:25:37.0350 2220 HTTP - ok
20:25:37.0364 2220 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:25:37.0365 2220 i2omp - ok
20:25:37.0376 2220 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:25:37.0377 2220 i8042prt - ok
20:25:37.0388 2220 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:25:37.0393 2220 iaStorV - ok
20:25:37.0441 2220 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:25:37.0455 2220 idsvc - ok
20:25:37.0474 2220 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:25:37.0475 2220 iirsp - ok
20:25:37.0489 2220 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
20:25:37.0497 2220 IKEEXT - ok
20:25:37.0520 2220 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
20:25:37.0521 2220 intelide - ok
20:25:37.0525 2220 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:25:37.0526 2220 intelppm - ok
20:25:37.0540 2220 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:25:37.0543 2220 IPBusEnum - ok
20:25:37.0559 2220 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:25:37.0560 2220 IpFilterDriver - ok
20:25:37.0588 2220 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:25:37.0593 2220 iphlpsvc - ok
20:25:37.0596 2220 IpInIp - ok
20:25:37.0613 2220 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:25:37.0615 2220 IPMIDRV - ok
20:25:37.0619 2220 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:25:37.0621 2220 IPNAT - ok
20:25:37.0625 2220 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:25:37.0625 2220 IRENUM - ok
20:25:37.0644 2220 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:25:37.0645 2220 isapnp - ok
20:25:37.0657 2220 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:25:37.0660 2220 iScsiPrt - ok
20:25:37.0669 2220 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:25:37.0670 2220 iteatapi - ok
20:25:37.0683 2220 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:25:37.0685 2220 iteraid - ok
20:25:37.0700 2220 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:25:37.0702 2220 kbdclass - ok
20:25:37.0705 2220 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:25:37.0706 2220 kbdhid - ok
20:25:37.0747 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
20:25:37.0749 2220 KeyIso - ok
20:25:37.0767 2220 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:25:37.0772 2220 KSecDD - ok
20:25:37.0776 2220 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:25:37.0777 2220 ksthunk - ok
20:25:37.0805 2220 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
20:25:37.0812 2220 KtmRm - ok
20:25:37.0837 2220 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:25:37.0842 2220 LanmanServer - ok
20:25:37.0871 2220 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:25:37.0874 2220 LanmanWorkstation - ok
20:25:37.0898 2220 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:25:37.0899 2220 lirsgt - ok
20:25:37.0914 2220 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:25:37.0916 2220 lltdio - ok
20:25:37.0929 2220 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:25:37.0932 2220 lltdsvc - ok
20:25:37.0947 2220 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:25:37.0949 2220 lmhosts - ok
20:25:37.0964 2220 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:25:37.0965 2220 LSI_FC - ok
20:25:37.0976 2220 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:25:37.0978 2220 LSI_SAS - ok
20:25:37.0992 2220 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:25:37.0994 2220 LSI_SCSI - ok
20:25:38.0011 2220 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
20:25:38.0013 2220 luafv - ok
20:25:38.0038 2220 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:25:38.0040 2220 Mcx2Svc - ok
20:25:38.0058 2220 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
20:25:38.0059 2220 megasas - ok
20:25:38.0078 2220 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:25:38.0085 2220 MegaSR - ok
20:25:38.0097 2220 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
20:25:38.0099 2220 MMCSS - ok
20:25:38.0136 2220 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
20:25:38.0137 2220 Modem - ok
20:25:38.0141 2220 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:25:38.0141 2220 monitor - ok
20:25:38.0159 2220 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:25:38.0160 2220 mouclass - ok
20:25:38.0164 2220 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:25:38.0165 2220 mouhid - ok
20:25:38.0169 2220 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:25:38.0171 2220 MountMgr - ok
20:25:38.0200 2220 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
20:25:38.0202 2220 mpio - ok
20:25:38.0215 2220 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:25:38.0218 2220 mpsdrv - ok
20:25:38.0250 2220 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
20:25:38.0261 2220 MpsSvc - ok
20:25:38.0275 2220 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:25:38.0277 2220 Mraid35x - ok
20:25:38.0295 2220 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:25:38.0297 2220 MRxDAV - ok
20:25:38.0314 2220 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:25:38.0316 2220 mrxsmb - ok
20:25:38.0330 2220 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:25:38.0333 2220 mrxsmb10 - ok
20:25:38.0343 2220 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:25:38.0344 2220 mrxsmb20 - ok
20:25:38.0393 2220 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
20:25:38.0394 2220 msahci - ok
20:25:38.0403 2220 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:25:38.0404 2220 msdsm - ok
20:25:38.0424 2220 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
20:25:38.0426 2220 MSDTC - ok
20:25:38.0446 2220 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:25:38.0447 2220 Msfs - ok
20:25:38.0458 2220 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:25:38.0458 2220 msisadrv - ok
20:25:38.0487 2220 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:25:38.0489 2220 MSiSCSI - ok
20:25:38.0492 2220 msiserver - ok
20:25:38.0511 2220 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:25:38.0512 2220 MSKSSRV - ok
20:25:38.0516 2220 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:25:38.0517 2220 MSPCLOCK - ok
20:25:38.0542 2220 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:25:38.0543 2220 MSPQM - ok
20:25:38.0557 2220 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:25:38.0561 2220 MsRPC - ok
20:25:38.0567 2220 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:25:38.0568 2220 mssmbios - ok
20:25:38.0579 2220 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:25:38.0580 2220 MSTEE - ok
20:25:38.0593 2220 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
20:25:38.0594 2220 Mup - ok
20:25:38.0614 2220 mysql - ok
20:25:38.0639 2220 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
20:25:38.0647 2220 napagent - ok
20:25:38.0668 2220 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:25:38.0669 2220 NativeWifiP - ok
20:25:38.0693 2220 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:25:38.0700 2220 NDIS - ok
20:25:38.0705 2220 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:25:38.0705 2220 NdisTapi - ok
20:25:38.0709 2220 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:25:38.0710 2220 Ndisuio - ok
20:25:38.0723 2220 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:25:38.0726 2220 NdisWan - ok
20:25:38.0735 2220 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:25:38.0736 2220 NDProxy - ok
20:25:38.0740 2220 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:25:38.0741 2220 NetBIOS - ok
20:25:38.0758 2220 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:25:38.0760 2220 netbt - ok
20:25:38.0767 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
20:25:38.0768 2220 Netlogon - ok
20:25:38.0791 2220 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
20:25:38.0797 2220 Netman - ok
20:25:38.0812 2220 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
20:25:38.0819 2220 netprofm - ok
20:25:38.0845 2220 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:25:38.0855 2220 NetTcpPortSharing - ok
20:25:38.0880 2220 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:25:38.0882 2220 nfrd960 - ok
20:25:38.0914 2220 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
20:25:38.0918 2220 NlaSvc - ok
20:25:38.0929 2220 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:25:38.0930 2220 Npfs - ok
20:25:38.0940 2220 npggsvc - ok
20:25:38.0960 2220 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
20:25:38.0962 2220 nsi - ok
20:25:38.0988 2220 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:25:38.0989 2220 nsiproxy - ok
20:25:39.0037 2220 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:25:39.0060 2220 Ntfs - ok
20:25:39.0064 2220 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
20:25:39.0065 2220 Null - ok
20:25:39.0390 2220 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:25:39.0585 2220 nvlddmkm - ok
20:25:39.0605 2220 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:25:39.0607 2220 nvraid - ok
20:25:39.0618 2220 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:25:39.0619 2220 nvstor - ok
20:25:39.0666 2220 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
20:25:39.0681 2220 nvsvc - ok
20:25:39.0736 2220 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:25:39.0755 2220 nvUpdatusService - ok
20:25:39.0766 2220 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:25:39.0768 2220 nv_agp - ok
20:25:39.0771 2220 NwlnkFlt - ok
20:25:39.0775 2220 NwlnkFwd - ok
20:25:39.0789 2220 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:25:39.0791 2220 ohci1394 - ok
20:25:39.0827 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:25:39.0844 2220 p2pimsvc - ok
20:25:39.0859 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
20:25:39.0865 2220 p2psvc - ok
20:25:39.0886 2220 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:25:39.0888 2220 Parport - ok
20:25:39.0909 2220 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:25:39.0910 2220 partmgr - ok
20:25:39.0933 2220 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
20:25:39.0935 2220 PcaSvc - ok
20:25:39.0979 2220 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
20:25:39.0982 2220 pci - ok
20:25:40.0012 2220 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
20:25:40.0012 2220 pciide - ok
20:25:40.0275 2220 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:25:40.0280 2220 pcmcia - ok
20:25:40.0303 2220 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:25:40.0317 2220 PEAUTH - ok
20:25:40.0412 2220 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:25:40.0415 2220 PerfHost - ok
20:25:40.0455 2220 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
20:25:40.0477 2220 pla - ok
20:25:40.0502 2220 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:25:40.0509 2220 PlugPlay - ok
20:25:40.0526 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:25:40.0532 2220 PNRPAutoReg - ok
20:25:40.0544 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:25:40.0550 2220 PNRPsvc - ok
20:25:40.0570 2220 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:25:40.0579 2220 PolicyAgent - ok
20:25:40.0608 2220 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:25:40.0610 2220 PptpMiniport - ok
20:25:40.0620 2220 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:25:40.0621 2220 Processor - ok
20:25:40.0633 2220 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
20:25:40.0637 2220 ProfSvc - ok
20:25:40.0650 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:25:40.0651 2220 ProtectedStorage - ok
20:25:40.0676 2220 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:25:40.0678 2220 PSched - ok
20:25:40.0713 2220 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:25:40.0732 2220 ql2300 - ok
20:25:40.0756 2220 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:25:40.0759 2220 ql40xx - ok
20:25:40.0792 2220 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
20:25:40.0798 2220 QWAVE - ok
20:25:40.0812 2220 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:25:40.0814 2220 QWAVEdrv - ok
20:25:40.0822 2220 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:25:40.0824 2220 RasAcd - ok
20:25:40.0838 2220 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
20:25:40.0842 2220 RasAuto - ok
20:25:40.0853 2220 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:25:40.0855 2220 Rasl2tp - ok
20:25:40.0872 2220 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
20:25:40.0878 2220 RasMan - ok
20:25:40.0896 2220 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:25:40.0897 2220 RasPppoe - ok
20:25:40.0919 2220 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:25:40.0921 2220 RasSstp - ok
20:25:40.0950 2220 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:25:40.0954 2220 rdbss - ok
20:25:40.0995 2220 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:25:40.0995 2220 RDPCDD - ok
20:25:41.0017 2220 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:25:41.0022 2220 rdpdr - ok
20:25:41.0027 2220 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:25:41.0028 2220 RDPENCDD - ok
20:25:41.0076 2220 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:25:41.0081 2220 RDPWD - ok
20:25:41.0104 2220 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:25:41.0105 2220 RemoteAccess - ok
20:25:41.0131 2220 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:25:41.0136 2220 RemoteRegistry - ok
20:25:41.0156 2220 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
20:25:41.0158 2220 RpcLocator - ok
20:25:41.0176 2220 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
20:25:41.0181 2220 RpcSs - ok
20:25:41.0204 2220 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:25:41.0206 2220 rspndr - ok
20:25:41.0237 2220 [ C6701C5F6781D7DED9208A4D554AC37B ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:25:41.0239 2220 RTL8169 - ok
20:25:41.0242 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
20:25:41.0244 2220 SamSs - ok
20:25:41.0249 2220 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:25:41.0251 2220 sbp2port - ok
20:25:41.0264 2220 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:25:41.0268 2220 SCardSvr - ok
20:25:41.0301 2220 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
20:25:41.0312 2220 Schedule - ok
20:25:41.0338 2220 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:25:41.0339 2220 SCPolicySvc - ok
20:25:41.0361 2220 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:25:41.0365 2220 SDRSVC - ok
20:25:41.0379 2220 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:25:41.0380 2220 secdrv - ok
20:25:41.0385 2220 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
20:25:41.0387 2220 seclogon - ok
20:25:41.0396 2220 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
20:25:41.0399 2220 SENS - ok
20:25:41.0408 2220 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:25:41.0409 2220 Serenum - ok
20:25:41.0425 2220 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
20:25:41.0426 2220 Serial - ok
20:25:41.0441 2220 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:25:41.0442 2220 sermouse - ok
20:25:41.0459 2220 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
20:25:41.0462 2220 SessionEnv - ok
20:25:41.0470 2220 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:25:41.0471 2220 sffdisk - ok
20:25:41.0484 2220 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:25:41.0485 2220 sffp_mmc - ok
20:25:41.0493 2220 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:25:41.0494 2220 sffp_sd - ok
20:25:41.0504 2220 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:25:41.0505 2220 sfloppy - ok
20:25:41.0520 2220 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:25:41.0527 2220 SharedAccess - ok
20:25:41.0579 2220 [ 66CFDF478939DD6388858DE06F2CE14C ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:25:41.0585 2220 ShellHWDetection - ok
20:25:41.0595 2220 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:25:41.0596 2220 SiSRaid2 - ok
20:25:41.0611 2220 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:25:41.0613 2220 SiSRaid4 - ok
20:25:41.0663 2220 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:25:41.0667 2220 SkypeUpdate - ok
20:25:42.0345 2220 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
20:25:42.0626 2220 slsvc - ok
20:25:42.0650 2220 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:25:42.0653 2220 SLUINotify - ok
20:25:42.0677 2220 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:25:42.0678 2220 Smb - ok
20:25:42.0708 2220 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:25:42.0721 2220 SNMPTRAP - ok
20:25:42.0742 2220 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
20:25:42.0743 2220 spldr - ok
20:25:42.0816 2220 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
20:25:42.0822 2220 Spooler - ok
20:25:42.0852 2220 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
20:25:42.0859 2220 srv - ok
20:25:42.0871 2220 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:25:42.0879 2220 srv2 - ok
20:25:42.0896 2220 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:25:42.0897 2220 srvnet - ok
20:25:42.0929 2220 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
20:25:42.0932 2220 ssadbus - ok
20:25:42.0956 2220 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:25:42.0957 2220 ssadmdfl - ok
20:25:42.0972 2220 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
20:25:42.0973 2220 ssadmdm - ok
20:25:42.0996 2220 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:25:42.0999 2220 sscdbus - ok
20:25:43.0031 2220 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:25:43.0032 2220 sscdmdfl - ok
20:25:43.0056 2220 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:25:43.0057 2220 sscdmdm - ok
20:25:43.0106 2220 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:25:43.0118 2220 SSDPSRV - ok
20:25:43.0152 2220 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:25:43.0155 2220 SstpSvc - ok
20:25:43.0193 2220 Steam Client Service - ok
20:25:43.0275 2220 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:25:43.0287 2220 Stereo Service - ok
20:25:43.0319 2220 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
20:25:43.0329 2220 stisvc - ok
20:25:43.0354 2220 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:25:43.0355 2220 swenum - ok
20:25:43.0420 2220 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
20:25:43.0427 2220 swprv - ok
20:25:43.0435 2220 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:25:43.0437 2220 Symc8xx - ok
20:25:43.0447 2220 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:25:43.0449 2220 Sym_hi - ok
20:25:43.0474 2220 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:25:43.0475 2220 Sym_u3 - ok
20:25:43.0519 2220 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
20:25:43.0546 2220 SysMain - ok
20:25:43.0577 2220 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:25:43.0580 2220 TabletInputService - ok
20:25:43.0609 2220 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:25:43.0615 2220 TapiSrv - ok
20:25:43.0657 2220 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
20:25:43.0659 2220 TBS - ok
20:25:43.0821 2220 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:25:43.0838 2220 Tcpip - ok
20:25:43.0860 2220 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:25:43.0868 2220 Tcpip6 - ok
20:25:43.0921 2220 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:25:43.0930 2220 tcpipreg - ok
20:25:43.0946 2220 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:25:43.0948 2220 TDPIPE - ok
20:25:43.0981 2220 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:25:44.0008 2220 TDTCP - ok
20:25:44.0035 2220 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:25:44.0036 2220 tdx - ok
20:25:44.0136 2220 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:25:44.0186 2220 TeamViewer7 - ok
20:25:44.0205 2220 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:25:44.0206 2220 TermDD - ok
20:25:44.0234 2220 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
20:25:44.0255 2220 TermService - ok
20:25:44.0283 2220 [ 66CFDF478939DD6388858DE06F2CE14C ] Themes C:\Windows\system32\shsvcs.dll
20:25:44.0285 2220 Themes - ok
20:25:44.0301 2220 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
20:25:44.0302 2220 THREADORDER - ok
20:25:44.0335 2220 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
20:25:44.0341 2220 TrkWks - ok
20:25:44.0377 2220 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:25:44.0377 2220 TrustedInstaller - ok
20:25:44.0393 2220 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:25:44.0395 2220 tssecsrv - ok
20:25:44.0405 2220 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:25:44.0405 2220 tunmp - ok
20:25:44.0430 2220 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:25:44.0431 2220 tunnel - ok
20:25:44.0445 2220 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:25:44.0446 2220 uagp35 - ok
20:25:44.0502 2220 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:25:44.0519 2220 udfs - ok
20:25:44.0548 2220 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:25:44.0550 2220 UI0Detect - ok
20:25:44.0561 2220 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:25:44.0564 2220 uliagpkx - ok
20:25:44.0582 2220 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:25:44.0585 2220 uliahci - ok
20:25:44.0599 2220 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:25:44.0603 2220 UlSata - ok
20:25:44.0617 2220 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:25:44.0620 2220 ulsata2 - ok
20:25:44.0636 2220 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:25:44.0637 2220 umbus - ok
20:25:44.0650 2220 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
20:25:44.0657 2220 upnphost - ok
20:25:44.0698 2220 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:25:44.0699 2220 usbaudio - ok
20:25:44.0734 2220 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:25:44.0736 2220 usbccgp - ok
20:25:44.0752 2220 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:25:44.0753 2220 usbcir - ok
20:25:44.0793 2220 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:25:44.0795 2220 usbehci - ok
20:25:44.0811 2220 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:25:44.0814 2220 usbhub - ok
20:25:44.0848 2220 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:25:44.0849 2220 usbohci - ok
20:25:44.0857 2220 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:25:44.0858 2220 usbprint - ok
20:25:44.0904 2220 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:25:44.0905 2220 USBSTOR - ok
20:25:44.0940 2220 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:25:44.0941 2220 usbuhci - ok
20:25:44.0960 2220 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
20:25:44.0972 2220 UxSms - ok
20:25:45.0003 2220 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
20:25:45.0012 2220 vds - ok
20:25:45.0025 2220 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:25:45.0027 2220 vga - ok
20:25:45.0041 2220 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:25:45.0042 2220 VgaSave - ok
20:25:45.0054 2220 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
20:25:45.0055 2220 viaide - ok
20:25:45.0121 2220 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
20:25:45.0134 2220 VMAuthdService - ok
20:25:45.0186 2220 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
20:25:45.0199 2220 vmci - ok
20:25:45.0242 2220 [ AF3FAAE90D4BE41ECB510969A05C1842 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
20:25:45.0244 2220 vmkbd - ok
20:25:45.0268 2220 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
20:25:45.0269 2220 VMnetAdapter - ok
20:25:45.0282 2220 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
20:25:45.0295 2220 VMnetBridge - ok
20:25:45.0299 2220 VMnetDHCP - ok
20:25:45.0320 2220 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
20:25:45.0321 2220 VMnetuserif - ok
20:25:45.0348 2220 [ 6755C5E0A4E7B69563D8B4EA419EBC43 ] VMparport C:\Windows\system32\drivers\VMparport.sys
20:25:45.0349 2220 VMparport - ok
20:25:45.0444 2220 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
20:25:45.0470 2220 VMUSBArbService - ok
20:25:45.0487 2220 VMware NAT Service - ok
20:25:45.0504 2220 [ B95C74CB53894249F43A8302E9AF7E23 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
20:25:45.0504 2220 vmx86 - ok
20:25:45.0544 2220 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:25:45.0545 2220 volmgr - ok
20:25:45.0667 2220 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:25:45.0685 2220 volmgrx - ok
20:25:45.0718 2220 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:25:45.0721 2220 volsnap - ok
20:25:45.0741 2220 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:25:45.0744 2220 vsmraid - ok
20:25:45.0773 2220 [ 1BD504B8678825B40C515BEF5BFB08E7 ] vsock C:\Windows\system32\drivers\vsock.sys
20:25:45.0774 2220 vsock - ok
20:25:45.0812 2220 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
20:25:45.0831 2220 VSS - ok
20:25:45.0854 2220 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
20:25:45.0861 2220 W32Time - ok
20:25:45.0887 2220 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:25:45.0887 2220 WacomPen - ok
20:25:45.0920 2220 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:25:45.0939 2220 Wanarp - ok
20:25:45.0943 2220 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:25:45.0944 2220 Wanarpv6 - ok
20:25:45.0975 2220 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:25:45.0986 2220 wcncsvc - ok
20:25:46.0013 2220 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:25:46.0024 2220 WcsPlugInService - ok
20:25:46.0038 2220 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
20:25:46.0039 2220 Wd - ok
20:25:46.0069 2220 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:25:46.0084 2220 Wdf01000 - ok
20:25:46.0097 2220 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:25:46.0100 2220 WdiServiceHost - ok
20:25:46.0104 2220 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:25:46.0105 2220 WdiSystemHost - ok
20:25:46.0117 2220 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
20:25:46.0123 2220 WebClient - ok
20:25:46.0148 2220 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:25:46.0169 2220 Wecsvc - ok
20:25:46.0186 2220 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:25:46.0189 2220 wercplsupport - ok
20:25:46.0200 2220 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
20:25:46.0203 2220 WerSvc - ok
20:25:46.0215 2220 WinDefend - ok
20:25:46.0220 2220 WinHttpAutoProxySvc - ok
20:25:46.0283 2220 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:25:46.0298 2220 Winmgmt - ok
20:25:46.0347 2220 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
20:25:46.0391 2220 WinRM - ok
20:25:46.0431 2220 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:25:46.0459 2220 Wlansvc - ok
20:25:46.0478 2220 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:25:46.0479 2220 WmiAcpi - ok
20:25:46.0505 2220 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:25:46.0509 2220 wmiApSrv - ok
20:25:46.0523 2220 WMPNetworkSvc - ok
20:25:46.0535 2220 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:25:46.0540 2220 WPCSvc - ok
20:25:46.0582 2220 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:25:46.0603 2220 WPDBusEnum - ok
20:25:46.0652 2220 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:25:46.0664 2220 WpdUsb - ok
20:25:46.0843 2220 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:25:46.0859 2220 WPFFontCache_v0400 - ok
20:25:46.0875 2220 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:25:46.0875 2220 ws2ifsl - ok
20:25:46.0897 2220 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
20:25:46.0899 2220 wscsvc - ok
20:25:46.0903 2220 WSearch - ok
20:25:47.0160 2220 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:25:47.0197 2220 wuauserv - ok
20:25:47.0209 2220 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:47.0211 2220 WUDFRd - ok
20:25:47.0232 2220 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:25:47.0236 2220 wudfsvc - ok
20:25:47.0251 2220 X6va009 - ok
20:25:47.0258 2220 X6va010 - ok
20:25:47.0262 2220 X6va011 - ok
20:25:47.0276 2220 ================ Scan global ===============================
20:25:47.0293 2220 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:25:47.0404 2220 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:25:47.0428 2220 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:25:47.0540 2220 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:25:47.0557 2220 [Global] - ok
20:25:47.0558 2220 ================ Scan MBR ==================================
20:25:47.0566 2220 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:25:49.0773 2220 \Device\Harddisk0\DR0 - ok
20:25:49.0773 2220 ================ Scan VBR ==================================
20:25:49.0796 2220 [ A184F8C36727B01D8E774037D781C0A6 ] \Device\Harddisk0\DR0\Partition1
20:25:49.0799 2220 \Device\Harddisk0\DR0\Partition1 - ok
20:25:49.0822 2220 [ B8C8826FA3A2EF639A1B434270D15070 ] \Device\Harddisk0\DR0\Partition2
20:25:49.0824 2220 \Device\Harddisk0\DR0\Partition2 - ok
20:25:49.0824 2220 ============================================================
20:25:49.0824 2220 Scan finished
20:25:49.0824 2220 ============================================================
20:25:49.0835 1052 Detected object count: 1
20:25:49.0835 1052 Actual detected object count: 1
20:26:03.0502 1052 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:26:03.0502 1052 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:26:51.0704 4720 Deinitialize success

Ich hoffe das ist jetzt alles und hoffe du kannst mir da weiterhelfen
schon mal vielen dank im voraus für deine mühe ;D

Alt 04.12.2012, 16:11   #9
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Servus,


du hast mir 3 mal die OTL.txt gepostet, aber es fehlt immer noch die Extras.txt. Diese sollte sich in dem Ordner befinden, in dem du OTL gestartet hast.

Ein kleiner Hinweis noch:
Du solltest die Tools im übrigen vom Desktop aus starten und nicht vom Downloader-Ordner:
Zitat:
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Downloads
Bitte zukünftig darauf achten.


Sobald ich die Extras.txt habe, kanns losgehen.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 04.12.2012, 18:27   #10
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Die EXTRA:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.12.2012 16:57:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free
8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 21 ED 00 C1 1A 9A CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C00E5FE-F986-40AB-86E0-4818A5A791CC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0C42CBF4-D37B-423F-B7D0-73548591CAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{27836FFE-3E2B-40BA-8B07-824F5668CC05}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4B0FD562-3FC3-4940-9072-5959BDB5B932}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8D63F81D-A5D9-4946-AD3D-7AD7AF1B6902}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B2D7AFF-3CB8-4749-8887-2A74157ECCB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B186C461-6ED7-450E-AF21-7BE8836E5A73}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE97D4B3-E61B-4876-BD5E-7E17144B9336}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D9F968A6-5B72-48CB-9DAF-3D16B52000EF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5BC9E55-7343-4C4C-9443-571C99B273AC}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1F8059-A442-4EAA-A898-8E1B7184DB73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{136918B9-BD20-4E25-B6B0-B14E97E3D332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{2BC26E15-BE12-4F42-AFE4-320106DCB42E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"{361CC462-1DDF-486F-BAFD-20C57936612D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3CBB30D7-F3A6-4AF2-BA94-BE36E889BE88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{41B1BDF8-590E-461B-8522-8A266DC1D9CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{47DDA791-6F23-4CC3-8818-E19D0AC1442D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{52704BD5-52B7-4D6D-86CB-9B9BC04CFBEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5399A88D-9864-41F0-BB36-40A4D6A54AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{565D92B6-F108-4200-A048-662A1C805700}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{63425C82-3BC3-435C-815C-2225FF284242}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{6E6BC3F0-9616-45AD-9530-FF7B7349EFC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{6FA8E28E-E3BB-4DCC-A9B9-D12EDE9D0DDE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{72083ACC-FC53-4E37-855C-587FFAAD15A7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{750520CE-63F4-4460-BFFF-1D647FF02565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{75BE7EE3-2C4B-4148-8E0F-72537EF723E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{87ABEF09-058B-40BA-B84B-F55ECD111B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{89F2D9C5-AF1B-4581-951C-C6ED5CA89825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 
"{8B751D7E-FBC0-41F4-A880-986B03211ADB}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{8B772FBB-856B-4B99-9D56-672189090FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{8D27D700-9B13-4F8A-AD29-C05FA259B8F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8F7712CB-3D96-41FF-A8E9-17C6E4320619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{927227B4-EBE5-4B28-A91A-4C43DCB372AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{9A3989D4-2919-43C5-B03E-F08CC2DDB163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{A2897128-B51D-4882-AB43-7588F138365B}" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 
"{B8D0F588-05CC-4730-BD72-DF72E02C561B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{CA156975-0847-43EC-A1A7-7890AF10639B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CDA7FCEF-E038-4C8D-8C13-FF5C247FDDE6}" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 
"{D258E189-210B-409A-AEF8-06BC3B918E56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{DB6DF9FB-B12C-4FD4-9007-7DC2FBD59B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{DF542D2D-122A-4D1F-90B1-E249398408F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{E9D884C2-E997-4324-B721-DEDDD3EDDB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 
"{F8A71679-90A7-4778-A6DB-3BDE9EC32330}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"TCP Query User{024D2D44-73A8-4ACF-9B7E-891F7DC423BD}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 
"TCP Query User{1ED244D9-4229-4957-9541-D312BBF9564E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{3D536110-EC31-4564-966C-F5966D231613}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{7A9888C9-407A-4E38-9A87-D66D73100634}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 
"TCP Query User{7EBB10CB-FFE3-4410-B071-22190E2B96EC}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{80CA4EA4-4ECC-4F56-A501-82C4549ADCDB}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{8A3D5B66-5BA3-4EEB-9B28-3525592F1CC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{99A9C40A-B453-4394-9FA8-2C04C2250FAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C3A75814-7FA0-4108-8409-AB11C0640EBF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{C4601CC2-1197-43C5-8EAB-EDF9E3B97752}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{344BB24F-A0C6-4157-A464-0AB2FCC2BA47}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 
"UDP Query User{4E699C3C-A433-405B-BE82-B3AF008BCA53}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{60B1AD6F-1E6F-4543-9BB2-83C9A6EDEBC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6E5CF0FE-FB88-48BC-8D97-EAEA06434F2B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{795ED364-8348-4F94-ABE2-670086827E80}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{AE66EDA7-4EF5-4921-8446-BA746D306004}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 
"UDP Query User{C974A00B-BA80-4BF3-BE7B-7BC11D68ABAE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{E72B96A9-D1C3-4040-A2B6-270E8DB44241}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{E734B016-1C0B-4F91-B8DD-639F9B6350F8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{EA80E8B1-6398-4E59-8145-4AD371429F1E}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VistaGlazz_is1" = VistaGlazz 2.4
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC58860-75E1-4622-99B3-694903175A12}" = S4 League_EU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 200210" = Realm of the Mad God
"Steam App 202480" = Creation Kit
"Steam App 22350" = BRINK
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 55230" = Saints Row: The Third
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.3
"VMware_Player" = VMware Player
"xampp" = XAMPP 1.8.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FileZilla Client" = FileZilla Client 3.6.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.12.2012 09:34:58 | Computer Name = Jan-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.12.2012 14:02:56 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 02.12.2012 14:02:56 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 02.12.2012 14:03:43 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 02.12.2012 14:03:43 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 02.12.2012 16:48:36 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 18:04:12 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 01:44:34 | Computer Name = Jan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 03.12.2012 01:47:25 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 09:02:22 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002
Description = Programm iw3mp.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: a20  Anfangszeit: 01cdd1565a9ed620  Zeitpunkt der Beendigung:
 1
 
Error - 03.12.2012 11:59:17 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
[ System Events ]
Error - 19.06.2012 11:47:17 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.06.2012 um 17:46:17 unerwartet heruntergefahren.
 
Error - 19.06.2012 11:47:18 | Computer Name = Jan-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.06.2012 00:46:38 | Computer Name = Jan-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.06.2012 12:11:58 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.06.2012 um 18:10:12 unerwartet heruntergefahren.
 
Error - 20.06.2012 12:11:59 | Computer Name = Jan-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.06.2012 12:13:38 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.06.2012 12:13:38 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.06.2012 12:45:33 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.06.2012 um 17:13:21 unerwartet heruntergefahren.
 
Error - 22.06.2012 08:37:04 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.06.2012 um 14:35:20 unerwartet heruntergefahren.
 
Error - 22.06.2012 10:08:00 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.06.2012 um 16:06:54 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Das war in der EXTRA Datei drinn die direkt nach dem beenden des Scanns geöffnet wurde.

Alt 04.12.2012, 19:48   #11
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Servus,



na dann kanns ja losgehen.





Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.







Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen. Drücke eine beliebige Taste, um den Suchlauf zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 4
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 04.12.2012, 22:07   #12
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Antwort Schritt 2:
# AdwCleaner v2.011 - Datei am 04/12/2012 um 22:02:25 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\Program Files (x86)\Perion
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\Jan\AppData\Local\APN
Gelöscht mit Neustart : C:\Users\Jan\AppData\Local\Smartbar
Gelöscht mit Neustart : C:\Users\Jan\AppData\LocalLow\incredibar.com
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\OpenCandy
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4812_1&babsrc=HP_ss&mntrId=e0acb527000000000000001f3f08cbc1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5216 octets] - [04/12/2012 22:02:25]

########## EOF - C:\AdwCleaner[S1].txt - [5276 octets] ##########

Schritt 3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.8.1 (12.04.2012:2)
OS: Windows (TM) Vista Home Premium x64
Ran by Jan on 04.12.2012 at 22:26:12,12
Blog: Malware Analysis and Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-870192084-3636044139-2260596-1000\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-870192084-3636044139-2260596-1000\software\web assistant"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jan\AppData\Roaming\dvdvideosoftiehelpers"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2012 at 22:29:33,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 4:Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-04.01 - Jan 04.12.2012  22:49:09.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2651 [GMT 1:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\ssv.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-04 bis 2012-12-04  ))))))))))))))))))))))))))))))
.
.
2012-12-04 21:58 . 2012-12-04 22:07	--------	d-----w-	c:\users\Jan\AppData\Local\temp
2012-12-04 21:43 . 2012-12-04 21:43	--------	d-----w-	c:\users\Jan\AppData\Roaming\Avira
2012-12-04 21:39 . 2012-12-04 21:40	--------	d-----w-	c:\program files (x86)\Ask.com
2012-12-04 21:39 . 2012-12-04 21:39	--------	d-----w-	C:\Firefox
2012-12-04 21:39 . 2012-12-04 21:39	--------	d-----w-	c:\users\Jan\AppData\Local\APN
2012-12-04 21:39 . 2012-11-16 19:17	98888	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-04 21:39 . 2012-11-16 19:17	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-12-04 21:39 . 2012-11-16 19:17	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-04 21:39 . 2012-12-04 21:40	--------	d-----w-	c:\programdata\Avira
2012-12-04 21:39 . 2012-12-04 21:39	--------	d-----w-	c:\program files (x86)\Avira
2012-12-04 21:26 . 2012-12-04 21:26	--------	d-----w-	c:\windows\ERUNT
2012-12-04 21:26 . 2012-12-04 21:26	--------	d-----w-	C:\JRT
2012-12-04 18:54 . 2012-12-04 18:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-04 18:54 . 2012-12-04 18:54	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-04 18:53 . 2012-12-04 18:53	--------	d-----w-	c:\program files (x86)\Java
2012-12-04 17:30 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C421986F-EC7C-49D3-AAFA-22A2613930B8}\mpengine.dll
2012-12-03 20:42 . 2012-12-03 20:42	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-03 20:42 . 2012-12-03 20:42	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-12-02 13:31 . 2012-12-02 14:39	--------	d-----w-	c:\program files (x86)\Google
2012-12-02 09:01 . 2012-12-02 09:01	--------	d-----w-	c:\users\Jan\AppData\Roaming\Malwarebytes
2012-12-02 09:01 . 2012-12-02 09:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-02 09:01 . 2012-12-02 09:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 09:01 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-02 02:53 . 2012-12-02 02:53	--------	d-----w-	c:\users\Jan\AppData\Roaming\TuneUp Software
2012-12-02 02:53 . 2012-12-02 02:53	--------	d-----w-	c:\programdata\TuneUp Software
2012-12-02 02:53 . 2012-12-02 02:53	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-02 02:53 . 2012-12-02 02:53	--------	d--h--w-	c:\programdata\Common Files
2012-12-02 02:52 . 2012-12-02 02:52	--------	d-----w-	c:\windows\SysWow64\searchplugins
2012-12-02 02:52 . 2012-12-02 02:52	--------	d-----w-	c:\windows\SysWow64\Extensions
2012-12-02 02:52 . 2012-12-02 02:52	--------	d-----w-	c:\program files\CodeGazer
2012-12-02 02:08 . 2012-12-02 02:17	--------	d-----w-	c:\users\Jan\AppData\Roaming\EvJOWallpaper
2012-12-02 02:08 . 2012-12-02 02:08	--------	d-----w-	c:\program files (x86)\EvJOSoft
2012-12-02 02:04 . 2012-12-02 02:04	--------	d-----w-	c:\windows\Downloaded Installations
2012-12-02 01:58 . 2012-12-02 01:58	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2012-12-01 23:20 . 2003-05-14 20:07	389120	------w-	c:\windows\SysWow64\actskn43.ocx
2012-12-01 23:19 . 2012-12-02 01:58	--------	d-----w-	c:\program files (x86)\Wallpaper Juggler
2012-12-01 23:19 . 2001-03-13 13:49	140288	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2012-12-01 23:19 . 1998-04-23 23:00	368912	----a-w-	c:\windows\SysWow64\vbar332.dll
2012-11-28 19:04 . 2012-11-28 19:04	--------	d-----w-	c:\users\Jan\AppData\Local\fontconfig
2012-11-28 19:04 . 2012-12-02 21:47	--------	d-----w-	c:\users\Jan\.gimp-2.8
2012-11-28 19:04 . 2012-11-28 19:04	--------	d-----w-	c:\users\Jan\AppData\Local\gegl-0.2
2012-11-26 20:27 . 2012-11-26 20:27	--------	d-----w-	c:\programdata\AVS4YOU
2012-11-26 20:27 . 2012-11-26 20:27	--------	d-----w-	c:\users\Jan\AppData\Roaming\AVS4YOU
2012-11-26 20:26 . 2012-11-26 20:29	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-11-26 20:26 . 2010-07-08 11:25	1700352	----a-w-	c:\windows\SysWow64\GdiPlus.dll
2012-11-26 20:26 . 2010-07-08 11:25	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-11-26 20:26 . 2012-11-26 20:29	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-11-16 14:26 . 2012-09-25 16:31	91648	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 14:26 . 2012-09-25 16:19	75776	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 14:23 . 2012-10-12 14:53	2769920	----a-w-	c:\windows\system32\win32k.sys
2012-11-09 13:59 . 2012-11-09 13:59	--------	d-----w-	c:\programdata\Tages
2012-11-07 16:22 . 2012-12-02 08:41	--------	d-----w-	c:\users\Jan\AppData\Roaming\FileZilla
2012-11-07 16:22 . 2012-11-17 16:46	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 18:53 . 2012-05-12 15:40	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-04 18:53 . 2012-05-12 15:40	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-02 02:53 . 2012-05-17 13:21	688640	----a-w-	c:\windows\system32\themeui.dll
2012-12-02 02:53 . 2012-05-13 11:33	302080	----a-w-	c:\windows\system32\shsvcs.dll
2012-12-02 02:53 . 2008-01-21 02:50	317440	----a-w-	c:\windows\system32\uxtheme.dll
2012-11-16 20:30 . 2006-11-02 12:35	66395536	----a-w-	c:\windows\system32\mrt.exe
2012-10-10 19:23 . 2012-10-10 19:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2012-10-10 19:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-10-10 19:23	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 19:23 . 2012-10-10 19:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2012-02-09 20:43	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2012-02-09 20:43	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-10-09 15:14	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-08 17:52 . 2012-10-08 17:52	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2012-10-08 17:52 . 2012-10-08 17:52	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2012-10-02 19:51 . 2012-10-18 12:52	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-10-18 12:52	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-10-18 12:52	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-10-18 12:52	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-10-18 12:52	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-10-18 12:52	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15	430952	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-09-28 01:10 . 2012-09-28 01:10	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-09-28 01:10 . 2012-09-28 01:10	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-09-28 01:10 . 2012-09-28 01:10	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-28 01:10 . 2012-09-28 01:10	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-28 01:10 . 2012-09-28 01:10	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-09-28 01:10 . 2012-09-28 01:10	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-09-28 01:10 . 2012-09-28 01:10	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-09-28 01:10 . 2012-09-28 01:10	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-09-28 01:10 . 2012-09-28 01:10	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-09-28 01:10 . 2012-09-28 01:10	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-09-28 01:10 . 2012-09-28 01:10	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-09-28 01:10 . 2012-09-28 01:10	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-09-28 01:10 . 2012-09-28 01:10	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-09-28 01:10 . 2012-09-28 01:10	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-09-28 01:10 . 2012-09-28 01:10	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-09-28 01:10 . 2012-09-28 01:10	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-28 01:10 . 2012-09-28 01:10	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-28 01:10 . 2012-09-28 01:10	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-09-28 01:10 . 2012-09-28 01:10	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-09-28 01:10 . 2012-09-28 01:10	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-28 01:10 . 2012-09-28 01:10	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-09-28 01:10 . 2012-09-28 01:10	222208	----a-w-	c:\windows\system32\msls31.dll
2012-09-28 01:10 . 2012-09-28 01:10	197120	----a-w-	c:\windows\system32\msrating.dll
2012-09-28 01:10 . 2012-09-28 01:10	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-09-28 01:10 . 2012-09-28 01:10	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-09-28 01:10 . 2012-09-28 01:10	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-09-28 01:10 . 2012-09-28 01:10	136192	----a-w-	c:\windows\system32\advpack.dll
2012-09-28 01:10 . 2012-09-28 01:10	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-28 01:10 . 2012-09-28 01:10	12288	----a-w-	c:\windows\system32\mshta.exe
2012-09-28 01:10 . 2012-09-28 01:10	114176	----a-w-	c:\windows\system32\admparse.dll
2012-09-28 01:10 . 2012-09-28 01:10	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-28 01:10 . 2012-09-28 01:10	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-09-28 01:10 . 2012-09-28 01:10	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-09-28 01:10 . 2012-09-28 01:10	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-09-28 01:10 . 2012-09-28 01:10	82432	----a-w-	c:\windows\system32\icardie.dll
2012-09-28 01:10 . 2012-09-28 01:10	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-09-28 01:10 . 2012-09-28 01:10	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-09-28 01:10 . 2012-09-28 01:10	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-09-28 01:10 . 2012-09-28 01:10	448512	----a-w-	c:\windows\system32\html.iec
2012-09-28 01:10 . 2012-09-28 01:10	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-09-28 01:10 . 2012-09-28 01:10	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-09-28 01:10 . 2012-09-28 01:10	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-09-28 01:10 . 2012-09-28 01:10	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-28 01:10 . 2012-09-28 01:10	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-09-28 01:10 . 2012-09-28 01:10	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-09-28 01:10 . 2012-09-28 01:10	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-09-28 01:10 . 2012-09-28 01:10	160256	----a-w-	c:\windows\system32\wextract.exe
2012-09-28 01:10 . 2012-09-28 01:10	103936	----a-w-	c:\windows\system32\inseng.dll
2012-09-28 01:10 . 2012-09-28 01:10	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-09-28 01:10 . 2012-09-28 01:10	149504	----a-w-	c:\windows\system32\occache.dll
2012-09-26 18:57 . 2012-10-07 09:24	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-09-26 18:57 . 2012-09-26 18:57	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-09-26 18:57 . 2012-09-26 18:57	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-09-26 18:57 . 2012-09-26 18:57	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-09-26 18:57 . 2012-10-07 09:23	319456	----a-w-	c:\windows\SysWow64\DIFxAPI.dll
2012-09-26 18:57 . 2012-09-26 18:57	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-09-26 18:57 . 2012-09-26 18:57	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-26 18:57 . 2012-09-26 18:57	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-09-26 18:57 . 2012-09-26 18:57	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-09-26 18:57 . 2012-09-26 18:57	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-10 . 9235EC680D3DB17464B39C7C7DECB4DD . 301568 . . [6.0.6001.18287] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_28ff7f1fd585934f\shsvcs.dll
[7] 2009-07-10 . 3F6101365E6319171054ADD75788516C . 300032 . . [6.0.6000.21081] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_279cb3aaf1823d60\shsvcs.dll
[7] 2009-07-10 . C2409C9B7C7E422E7680AE4E1738BFC8 . 302080 . . [6.0.6001.22467] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_299ebda8ee92f85e\shsvcs.dll
[7] 2009-07-10 . F33C4D0B9EEFCDE346F8753DC4D6867F . 299520 . . [6.0.6000.16883] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_27153f51d8629d02\shsvcs.dll
[7] 2009-07-10 . 00DD742B99B278429714DEE859A73DD0 . 302080 . . [6.0.6002.22169] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll
[7] 2009-07-10 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6002.18063] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_2af7919dd29f485c\shsvcs.dll
[7] 2009-04-11 . 2AD15758174DCC7993FF3C00A955DD66 . 301568 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_2b3a71b9d26cd364\shsvcs.dll
[7] 2008-01-21 . EB3114330236CF030E8EDF62881BAF67 . 301568 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_294ef8add54b0818\shsvcs.dll
[-] 2012-12-02 . 66CFDF478939DD6388858DE06F2CE14C . 302080 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33	1521872	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Akamai NetSession Interface"="c:\users\Jan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,5b,27,40,9b,f1,90,b3,fd,37,90,8d,e4,66,29,ee,35,44,05,5e,32,
   49,e2,cc,61,68,84,d5,44,11,1d,3e,37,f6,6d,bb,f8,34,66,c1,5e,b4,42,06,7e,a3,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-04  23:12:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-04 22:11
.
Vor Suchlauf: 13 Verzeichnis(se), 315.932.594.176 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 315.981.926.400 Bytes frei
.
- - End Of File - - E65B527457CA10320B1FE19B5C4E09C0
         
--- --- ---

Ich hab jetzt ein Problem!!!!! nach dem letzten Scan funktioniert mein Fritz W-Lan stick nicht mehr auserdem brauch ich knapp 2 minuten zum hochfahren auserdem klappt steam auch nicht mehr -.- kanst du mir da helfen??

Geändert von Nirobe (04.12.2012 um 22:20 Uhr)

Alt 05.12.2012, 17:49   #13
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Servus,



Zitat:
Zitat von Nirobe Beitrag anzeigen
Ich hab jetzt ein Problem!!!!! nach dem letzten Scan funktioniert mein Fritz W-Lan stick nicht mehr auserdem brauch ich knapp 2 minuten zum hochfahren auserdem klappt steam auch nicht mehr -.- kanst du mir da helfen??
Du bist der erste, der mir solche Probleme schildert. Mal schaun, was wir da tun können. Bevor es weitergeht, hätte ich da zwei Fragen:


Wieso hast du die Ask-Toolbar installiert?
Zitat:
2012-12-04 21:39 . 2012-12-04 21:40 -------- d-----w- c:\program files (x86)\Ask.com


Hast du noch Probleme mit MyStart Incredibar?
Wenn ja, in welchem Browser?
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 05.12.2012, 18:00   #14
Nirobe
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Die ASK-Toolbar hab ich wohl Aus versehen bei Avira Free Antivir mitinstalliert. Ob das Problem mit der Mystart Incredibar weg ist weis ich nicht da wie schon erwähnt mein Internet nicht mehr klappt.

Geändert von Nirobe (05.12.2012 um 18:24 Uhr)

Alt 05.12.2012, 19:34   #15
M-K-D-B
/// TB-Ausbilder
 
Mystar incredybar löschen - Standard

Mystar incredybar löschen



Servus,




Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • Ask Toolbar
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





Schritt 2
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    FCopy::
    c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll | c:\windows\system32\shsvcs.dll
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!







Kannst du nun wieder ins Internet?





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Beantwortung der gestellten Frage.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Antwort

Themen zu Mystar incredybar löschen
administrator, anleitung, anti-malware, autostart, bösartige, dateien, einfach, explorer, google, infiziert, leute, löschen, minute, neu, nichts, problem, registrierung, relativ, scan, seite, service, service pack 2, speicher, version, vista



Ähnliche Themen: Mystar incredybar löschen


  1. Löschen
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (2)
  2. Quarantäne löschen?
    Antiviren-, Firewall- und andere Schutzprogramme - 30.12.2014 (16)
  3. Logfiles löschen
    Diskussionsforum - 27.12.2014 (10)
  4. Laptop ruckelt nur noch, Iminent lässt sich nicht löschen und Radio schaltet sich alleine an und aus und lässt sich ebenfalls nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (3)
  5. Daten unwiederherstellbar löschen bzw freien Speicher löschen
    Überwachung, Datenschutz und Spam - 24.02.2014 (7)
  6. Snap.do löschen (Win 7 64 Bit)
    Log-Analyse und Auswertung - 15.09.2013 (29)
  7. PC Performer löschen-wie?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (5)
  8. Wie kann ich MyStar by IncrediBar.com löschen?
    Log-Analyse und Auswertung - 07.10.2012 (6)
  9. wie werde ich mystar incredibar los?
    Log-Analyse und Auswertung - 12.09.2012 (1)
  10. Virus von externer Festplatte löschen ohne Bilder davon zu löschen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  11. Löschen oder nicht löschen, das ist hier die Frage
    Antiviren-, Firewall- und andere Schutzprogramme - 17.05.2010 (9)
  12. virtumonde löschen?
    Log-Analyse und Auswertung - 21.06.2008 (1)
  13. Kein Virenprogramm kann trojanisches Pferd löschen! Wie soll ich es löschen?
    Mülltonne - 19.03.2008 (1)
  14. Löschen
    Lob, Kritik und Wünsche - 14.10.2006 (5)
  15. Löschen!
    Log-Analyse und Auswertung - 23.04.2006 (2)
  16. Trojaner löschen
    Plagegeister aller Art und deren Bekämpfung - 10.05.2005 (0)
  17. Wie löschen?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2004 (1)

Zum Thema Mystar incredybar löschen - Hey Leute bin relativ neu und habe wie viele auch das problem mit der Mystar Incredybar deswegen bin ich auf eure seite gekommen. hab dan auch nach eurer anleitung gemacht - Mystar incredybar löschen...
Archiv
Du betrachtest: Mystar incredybar löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.