| |
| |||||||
Log-Analyse und Auswertung: Snap.do entfernen. Ich finde keine Lösungen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.04.2013, 21:18
| #1 |
 |  Snap.do entfernen. Ich finde keine Lösungen! Liebes Team, ich habe mich eingehend über dieses Problem informiert, sei es Google oder eben auf dieser Plattform, habe aber keine Lösungen gefunden. Ich habe seit einiger Zeit ( 1 - 2 Monate ) Snap.do auf meinem Notebook. Ich weiß nicht, wie ich dieses Programm installiert habe. Ich habe unter Einstellungen bei Google probiert, es wegzukriegen, aber ohne Erfolg. Es kommt wieder und wieder. Systemeinstellungen/ Programme deinstallieren bring auch nichts, da ich Snap.do dort nicht finde. SpyHunter soll helfen, aber kostet es mich was und soll ich es herunterladen? Wie soll ich vorgehen? Danke im Voraus |
|
12.04.2013, 21:27
| #2 | |
| /// TB-Ausbilder   |  Snap.do entfernen. Ich finde keine Lösungen! Hi,
__________________Zitat:
 Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
12.04.2013, 21:49
| #3 |
| | Snap.do entfernen. Ich finde keine Lösungen! Sind diese Programme kostenlos und seriös? Ich mein die Programme, die ich herunterladen muss/soll.
__________________AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 12/04/2013 um 23:17:32 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : AMD - HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\AMD\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : DefaultTabUpdate
Gestoppt & Gelöscht : SrvUpdater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Gelöscht mit Neustart : C:\Program Files (x86)\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\AddLyrics
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\AMD\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\AMD\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\AMD\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\AMD\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\AMD\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\AMD\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\AMD\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\AMD\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\AMD\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\AMD\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\AMD\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\AMD\AppData\Roaming\DefaultTab
Ordner Gelöscht : C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\520dedfb538e846
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\520dedfb538e846
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16519
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=hp&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e781cdda-9ee1-4c54-b4e8-13e5e5993f92&searchtype=ds&q={searchTerms}&installDate=15/02/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/?orig=HP&affid=61&cztbid=363967391 --> hxxp://www.google.com
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2346] : homepage = "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=e78[...]
*************************
AdwCleaner[S1].txt - [26106 octets] - [12/04/2013 23:17:32]
########## EOF - C:\AdwCleaner[S1].txt - [26167 octets] ##########
|
|
12.04.2013, 22:34
| #4 | |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen!Zitat:
Wir arbeiten hier nur mit kostenlosen und seriösen Programmen.
__________________ cheers, Leo |
|
12.04.2013, 23:12
| #5 |
| | Snap.do entfernen. Ich finde keine Lösungen! OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.04.2013 23:39:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AMD\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,47 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 53,54% Memory free 4,10 Gb Paging File | 2,32 Gb Available in Paging File | 56,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,57 Gb Total Space | 398,54 Gb Free Space | 88,85% Space Free | Partition Type: NTFS Drive D: | 16,42 Gb Total Space | 2,10 Gb Free Space | 12,81% Space Free | Partition Type: NTFS Computer Name: HP | User Name: AMD | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.04.12 23:34:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AMD\Downloads\OTL.exe PRC - [2013.03.14 18:43:20 | 000,188,760 | ---- | M] () -- C:\Programme\Video downloader\ExtensionUpdaterService.exe PRC - [2013.02.06 16:24:02 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.07.27 19:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012.06.13 14:32:04 | 000,222,720 | ---- | M] () -- C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012.03.28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012.01.02 04:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2009.09.11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008.09.10 13:11:10 | 000,016,040 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ========== Modules (No Company Name) ========== MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll MOD - [2013.02.06 16:24:02 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe MOD - [2013.02.06 16:24:02 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\BrowserProtect\proxy\zlibwapi.dll MOD - [2012.12.12 01:09:49 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.10.09 04:23:11 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.10.09 04:23:11 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.10.09 04:23:11 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll MOD - [2012.09.28 23:41:48 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.09.14 00:04:14 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.07.27 01:08:38 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.07.27 01:08:38 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.07.27 01:08:38 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2012.07.27 01:08:38 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.07.27 01:08:38 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.07.27 01:08:38 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012.07.27 01:08:38 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2012.07.27 01:08:38 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2012.07.26 05:19:14 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2012.06.08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll MOD - [2012.01.02 04:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll MOD - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe MOD - [2008.09.10 13:11:10 | 000,016,040 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe MOD - [2008.09.10 11:56:27 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll MOD - [2008.09.10 11:56:14 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll MOD - [2008.09.10 11:56:12 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll MOD - [2008.09.10 11:40:31 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll MOD - [2008.05.23 14:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll MOD - [2008.01.16 10:24:34 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\DotNetChecker.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.23 17:18:14 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2012.08.10 16:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012.08.09 08:45:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.08.08 11:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2009.10.16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device) SRV:64bit: - [2009.10.16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2013.03.29 20:52:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.14 18:43:20 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Video downloader\ExtensionUpdaterService.exe -- (Video downloader Updater) SRV - [2013.02.14 10:05:56 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect) SRV - [2013.02.07 14:04:30 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012.07.21 18:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2012.07.14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012.06.13 14:32:04 | 000,222,720 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe -- (Updater Service for EazelBar) SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2009.10.16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symds64.sys -- (SymDS) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.12.04 15:47:30 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 12:18:30 | 000,083,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.06 17:55:24 | 000,323,584 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.08.24 11:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.08.24 11:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.08.24 11:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012.08.10 16:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.08.10 16:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012.08.09 10:03:32 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.08.09 07:48:20 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.07 12:51:18 | 000,141,256 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2012.08.03 15:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012.07.31 21:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.31 10:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.24 11:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012.07.24 11:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012.07.24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.07.21 18:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012.07.18 06:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012.07.04 00:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2012.06.25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.23 07:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC) DRV:64bit: - [2012.06.20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symelam.sys -- (SymELAM) DRV:64bit: - [2012.06.19 16:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.29 19:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.29 19:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.04.09 14:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.02.15 23:03:18 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130412.003\ex64.sys -- (NAVEX15) DRV - [2013.02.15 23:03:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.02.15 23:03:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.02.15 23:03:18 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130412.003\eng64.sys -- (NAVENG) DRV - [2013.02.14 08:05:36 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130411.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.01.11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/02/18 18:32:23] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE:64bit: - HKLM\..\SearchScopes\{28A1AFBC-2A66-4FD6-8237-7EAF11857F60}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=61&cztbid=363967391&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=61&cztbid=363967391&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Skype.com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype) FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll (Link64 GmbH) FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64c;Version=5: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll (Link64 GmbH) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\AMD\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\AMD\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll () 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX [2013.03.29 20:43:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.04.12 23:26:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.02.15 15:57:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: C:\Program Files (x86)\EazelBar\Firefox [2013.02.18 19:11:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\ProgramData\Startpage24\Plugin\firefox [2013.02.21 22:20:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox [2013.03.29 20:43:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.03 13:16:26 | 000,000,000 | ---D | M] [2013.02.15 22:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Users\AMD\AppData\Roaming\Mozilla\plugins\NpFv530.dll CHR - plugin: Skype Web Plugin (Enabled) = C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Startpage24 Startpage (Enabled) = C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll CHR - plugin: Startpage24 Startpage (Enabled) = C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll CHR - plugin: Google Update (Enabled) = C:\Users\AMD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Startpage24 Extension = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjedieekahkckccfclnacnooabafgjg\0.3_0\ CHR - Extension: Norton Identity Protection = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\ CHR - Extension: Google Mail = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Auto Lyrics = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\ O1 HOSTS File: ([2013.02.24 10:29:22 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.google-analytics.com O1 - Hosts: 127.0.0.1 google-analytics.com O2:64bit: - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Programme\Video downloader\Extension64.dll () O2:64bit: - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll () O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Programme\Video downloader\Extension32.dll () O2 - BHO: (Startpage24 Browser Helper) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll (Link64 GmbH) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll () O3:64bit: - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll () O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe () O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) O4 - HKCU..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro) O4 - Startup: C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history) O4 - Startup: C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C586592-6EAF-4C19-9872-AF5FFA65C43D}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46EA0735-FC39-49DE-96DB-6485C85FD43E}: DhcpNameServer = 40.20.1.201 40.20.1.203 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C82F9C-609E-4ABC-80F2-5C97022DD01D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB937A27-6165-4ECF-B9DC-135084409E1F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\startpage24 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\startpage24 {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll (Link64 GmbH) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{021262b5-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun O33 - MountPoints2\{021262b5-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence O33 - MountPoints2\{02126400-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun O33 - MountPoints2\{02126400-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence O33 - MountPoints2\{021264be-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun O33 - MountPoints2\{021264be-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence O33 - MountPoints2\{e7682d96-77a2-11e2-be74-38eaa7db6372}\Shell - "" = AutoRun O33 - MountPoints2\{e7682d96-77a2-11e2-be74-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 14:06:13 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\MAGIX Downloads [2013.04.06 14:06:12 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\MAGIX [2013.04.06 14:05:03 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2013.04.06 14:05:03 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll [2013.04.06 14:05:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2013.04.06 14:05:02 | 000,487,424 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll [2013.04.06 14:05:02 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe [2013.04.06 14:05:02 | 000,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll [2013.04.06 14:05:02 | 000,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll [2013.04.06 14:05:02 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll [2013.04.06 14:05:02 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll [2013.04.06 14:05:02 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll [2013.04.06 14:05:02 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll [2013.04.06 14:05:02 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll [2013.04.06 14:05:02 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll [2013.04.06 14:05:02 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll [2013.04.06 14:05:02 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll [2013.04.06 14:05:02 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll [2013.04.06 14:05:02 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll [2013.04.06 14:05:02 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll [2013.04.06 14:05:02 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll [2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll [2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll [2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll [2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll [2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll [2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll [2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll [2013.04.06 14:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2013.04.06 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\MAGIX_MusicMaker15_for_MySpace [2013.04.06 14:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2013.04.06 14:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2013.04.06 14:02:48 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll [2013.04.06 14:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX [2013.04.04 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks [2013.04.04 17:02:05 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\SafeNet Sentinel [2013.04.04 17:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel [2013.04.04 17:01:50 | 000,083,072 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\aksdf.sys [2013.04.04 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2013.04.04 17:01:45 | 004,412,872 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe [2013.04.04 17:01:45 | 004,412,872 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\aksllmtp.exe [2013.04.04 17:01:44 | 000,141,256 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\aksfridge.sys [2013.04.04 17:01:40 | 000,323,584 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\hardlock.sys [2013.04.04 17:01:29 | 000,198,088 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll [2013.04.04 17:00:51 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.04.04 17:00:50 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.04.04 17:00:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.04.04 16:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightworks [2013.04.04 16:51:22 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Audacity [2013.04.04 16:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2013.04.04 16:37:10 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\HPConnectedMusic [2013.04.04 16:25:29 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\fontconfig [2013.04.04 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\gegl-0.2 [2013.04.04 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\AMD\.gimp-2.8 [2013.04.04 16:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.04.03 19:29:19 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.30 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\MultiSkypeLauncher [2013.03.30 18:53:16 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher [2013.03.30 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiSkypeLauncher [2013.03.30 14:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock [2013.03.30 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock [2013.03.29 22:21:35 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\Youcam [2013.03.29 20:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Video downloader [2013.03.29 01:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.03.29 01:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.29 01:38:07 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\DVDVideoSoft [2013.03.29 01:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.26 20:42:29 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013.03.26 20:42:28 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013.03.26 20:14:40 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westermann Multimedia [2013.03.26 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Westermann [2013.03.25 23:45:49 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\German Truck Simulator [2013.03.25 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\German Truck Simulator [2013.03.25 23:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator [2013.03.25 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator [2013.03.25 19:01:11 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\Abelssoft [2013.03.25 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2013.03.25 18:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader [2013.03.25 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Song Downloader [2013.03.25 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Nico Mak Computing [2013.03.25 18:07:18 | 000,019,840 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe [2013.03.25 18:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer [2013.03.25 18:05:22 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\uTorrent [2013.03.20 00:23:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.18 13:37:45 | 000,493,056 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXDUwupd.dll [2013.03.18 13:37:45 | 000,019,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXDUwupd.exe [2013.03.18 13:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series [2013.03.18 13:37:11 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdulnks.dll [2013.03.18 13:37:10 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxdugf.dll [2013.03.18 13:37:10 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduutil.dll [2013.03.18 13:37:10 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsb.dll [2013.03.18 13:37:10 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduins.dll [2013.03.18 13:37:10 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdujswr.dll [2013.03.18 13:37:10 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsr.dll [2013.03.18 13:37:10 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducur.dll [2013.03.18 13:37:09 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducub.dll [2013.03.18 13:37:09 | 000,081,920 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducu.dll [2013.03.18 13:37:07 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXDUcfg.dll [2013.03.18 13:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 5600-6600 Series [2013.03.18 13:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5600-6600 Series [2013.03.18 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\ElevatedDiagnostics [2013.03.18 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar [2013.03.17 23:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.17 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.17 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.17 18:52:10 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.03.17 18:52:05 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.03.17 18:52:00 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.17 18:52:00 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.03.17 18:52:00 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.03.17 18:52:00 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.03.17 13:39:43 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.17 13:39:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.17 13:39:41 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.03.17 13:39:41 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.17 13:39:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.17 13:39:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.17 13:39:40 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.17 13:39:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.17 13:39:40 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.03.17 13:39:40 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.17 13:39:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.03.17 13:39:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.17 13:37:47 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.03.17 13:37:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.03.17 12:59:11 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.03.17 12:59:09 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.03.17 12:59:07 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.03.17 12:59:02 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.03.17 12:59:00 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013.03.17 12:59:00 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.03.17 12:58:58 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013.03.17 12:58:58 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.03.17 12:58:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.03.17 12:58:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.17 12:58:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.17 12:58:57 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.17 12:58:57 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013.03.17 12:58:57 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.03.17 12:58:57 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013.03.17 12:58:57 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.03.17 12:58:57 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.03.17 12:58:57 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013.03.17 12:58:57 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013.03.17 12:58:57 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013.03.17 12:58:57 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.17 12:58:57 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013.03.17 12:58:57 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013.03.17 12:58:57 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013.03.17 12:58:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013.03.17 12:58:57 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013.03.17 12:58:57 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013.03.17 12:58:57 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.17 12:58:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013.03.17 12:58:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.03.17 12:58:56 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013.03.17 12:58:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013.03.17 12:58:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013.03.16 21:29:44 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.03.16 21:29:44 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 23:37:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002UA.job [2013.04.12 23:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 23:29:54 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 23:29:54 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 23:29:54 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 23:29:54 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 23:29:54 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.12 23:25:57 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job [2013.04.12 23:23:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 23:21:54 | 000,344,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.12 23:21:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.12 23:21:03 | 2981,527,552 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 23:18:16 | 000,000,158 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.12 23:16:58 | 000,002,668 | ---- | M] () -- C:\Users\AMD\Desktop\Google Chrome.lnk [2013.04.12 23:15:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_AMD.job [2013.04.11 19:37:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002Core.job [2013.04.06 14:05:11 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini [2013.04.04 19:42:02 | 000,001,477 | ---- | M] () -- C:\Users\AMD\AppData\Local\recently-used.xbel [2013.03.30 18:53:17 | 000,001,189 | ---- | M] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk [2013.03.18 13:40:27 | 000,182,891 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2013.03.18 13:38:54 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK [2013.03.18 00:39:36 | 000,000,649 | ---- | M] () -- C:\ProgramData\cl1578181498.xml [2013.03.17 21:38:14 | 000,014,127 | ---- | M] () -- C:\Users\AMD\Documents\untitled_1.odt [2013.03.17 21:38:14 | 000,011,558 | ---- | M] () -- C:\Users\AMD\Documents\untitled_0_1.odt [2013.03.14 23:45:37 | 000,074,682 | ---- | M] () -- C:\Users\AMD\Documents\Krankheitsbestätigung.pdf [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.12 23:17:54 | 000,000,158 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.10 11:42:11 | 000,002,619 | ---- | C] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013.04.06 14:05:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2013.04.06 14:05:02 | 000,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib [2013.04.06 14:03:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.04.06 14:02:48 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2013.04.04 19:42:02 | 000,001,477 | ---- | C] () -- C:\Users\AMD\AppData\Local\recently-used.xbel [2013.04.04 16:50:53 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.04.03 19:29:19 | 000,002,668 | ---- | C] () -- C:\Users\AMD\Desktop\Google Chrome.lnk [2013.04.03 19:27:32 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002UA.job [2013.04.03 19:27:30 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002Core.job [2013.03.30 18:53:16 | 000,001,189 | ---- | C] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk [2013.03.29 20:52:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 20:01:10 | 000,344,208 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 13:38:54 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK [2013.03.18 13:37:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdurwrd.ini [2013.03.18 13:37:11 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll [2013.03.18 13:37:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll [2013.03.18 13:37:11 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll [2013.03.18 13:37:11 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll [2013.03.18 13:37:10 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll [2013.03.18 13:37:09 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll [2013.03.18 13:37:09 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll [2013.03.18 13:37:09 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll [2013.03.18 13:37:08 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll [2013.03.18 13:37:08 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll [2013.03.18 13:37:08 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe [2013.03.18 13:37:08 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll [2013.03.18 13:37:08 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe [2013.03.18 13:37:08 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe [2013.03.18 13:37:07 | 000,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDUhcp.dll [2013.03.18 13:37:07 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDUinst.dll [2013.03.18 13:37:07 | 000,001,867 | ---- | C] () -- C:\Windows\SysWow64\lxdu.loc [2013.03.18 13:36:56 | 000,182,891 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf [2013.03.18 11:59:57 | 000,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdugrd.dll [2013.03.18 11:59:36 | 000,521,216 | ---- | C] ( ) -- C:\Windows\SysNative\lxduih.exe [2013.03.18 11:59:35 | 001,661,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxduserv.dll [2013.03.18 11:59:35 | 001,338,368 | ---- | C] ( ) -- C:\Windows\SysNative\lxduusb1.dll [2013.03.18 11:59:35 | 001,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomc.dll [2013.03.18 11:59:35 | 001,039,360 | ---- | C] ( ) -- C:\Windows\SysNative\lxducoms.exe [2013.03.18 11:59:35 | 000,987,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxdupmui.dll [2013.03.18 11:59:35 | 000,897,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdulmpm.dll [2013.03.18 11:59:35 | 000,580,608 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomm.dll [2013.03.18 11:59:35 | 000,548,352 | ---- | C] ( ) -- C:\Windows\SysNative\lxduinpa.dll [2013.03.18 11:59:35 | 000,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxduiesc.dll [2013.03.18 11:59:34 | 001,091,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxduhbn3.dll [2013.03.18 11:59:34 | 000,610,304 | ---- | C] ( ) -- C:\Windows\SysNative\lxducfg.exe [2013.03.18 00:39:36 | 000,000,649 | ---- | C] () -- C:\ProgramData\cl1578181498.xml [2013.03.17 22:32:46 | 000,014,127 | ---- | C] () -- C:\Users\AMD\Documents\untitled_1.odt [2013.03.17 22:32:46 | 000,011,558 | ---- | C] () -- C:\Users\AMD\Documents\untitled_0_1.odt [2013.03.14 23:45:36 | 000,074,682 | ---- | C] () -- C:\Users\AMD\Documents\Krankheitsbestätigung.pdf [2013.02.24 21:51:46 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.02.17 18:17:07 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll [2013.02.17 18:17:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll [2013.02.17 18:10:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll [2013.02.15 21:58:21 | 000,000,306 | RHS- | C] () -- C:\Users\AMD\ntuser.pol [2012.08.24 12:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.09 08:10:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.09 08:10:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.05.10 17:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2012.08.24 12:49:27 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720 < End of report > |
|
12.04.2013, 23:15
| #6 |
| | Snap.do entfernen. Ich finde keine Lösungen! OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.04.2013 23:39:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AMD\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,47 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 53,54% Memory free
4,10 Gb Paging File | 2,32 Gb Available in Paging File | 56,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,57 Gb Total Space | 398,54 Gb Free Space | 88,85% Space Free | Partition Type: NTFS
Drive D: | 16,42 Gb Total Space | 2,10 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Computer Name: HP | User Name: AMD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A9D9098-E9FC-42BE-AE80-2C2F7A695983}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{358CB21A-DD59-4A0C-8F07-FC0D1C1F6833}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47D301DE-8E3D-46F0-947F-6D3AD7583B63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D6CB209-1CC4-46EE-9394-95B9BB5990A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5924B4A9-9450-42AB-B509-AF692C73FF3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BD8D55F-4F68-40F6-92D0-85C1F82E5F1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{751BD699-8F96-47E5-B1E7-9454C109755D}" = lport=138 | protocol=17 | dir=in | app=system |
"{80AB5E7E-B71B-465E-B164-D8B6CD4C4213}" = rport=138 | protocol=17 | dir=out | app=system |
"{82A43C92-A2AF-456E-9D41-3E96287FC32B}" = lport=137 | protocol=17 | dir=in | app=system |
"{85F6AA74-4970-4A54-B8F7-69B3B612E658}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BB2C1F9-4F82-4AF1-A905-5645BDF67CA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A13F1E1-77D0-4C4E-A4C0-4F99FD8DEEF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CCC895A-2293-4D45-BC5F-4799F92A6A99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A01AC305-9D87-4906-B7A2-EA8AFD421132}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6DD4156-14B5-4349-A15E-3863E0D1A6D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA66789E-22E6-4515-A097-EA1B270371EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B1DBD610-9440-4500-B702-8D144AC5EE94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E33318E7-D2F9-4465-AB84-774FC1C80C5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E7DA2E4E-CF7B-4763-A1D3-599FB3158B2F}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE2DC825-357A-4EA7-BF6C-24EF7AA73071}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F030E18A-04F6-4EDF-9298-96DA3111AE4B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F0FE342A-8EB2-4F9C-B5A1-AFA276BF2F9C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F9FED3E2-F53B-405F-A83F-FA6B97B24957}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB26D492-2165-41DC-BF63-FA04354D99B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF47E97B-86B4-4838-843D-EB3BFD33F395}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02386611-BB52-4C58-81B2-9BB24E36D59D}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{02D511CE-20A8-4CFA-BB6C-A4EB1DA97F28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{03161487-D29E-4448-A221-E62669E658AC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A32D0BC-1A7E-459E-AAF2-36635BB8E238}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{0CA855D2-4305-48A5-86DF-A46C89B72D5E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0D8078B2-191E-41AE-A27F-C5EEDE1EE036}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{11C20CAF-4835-4D4F-974D-0BC8C9515C2D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1C63C70D-5675-43BB-BD8A-13E2202073E6}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxdufax.exe |
"{20738497-B654-4833-B977-C81DC0B77AD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24162DA9-B9F2-48EB-9A91-FC03C8C4921D}" = dir=out | name=skype |
"{2B521CA3-C6B4-4803-B67F-1B4C710C3F00}" = dir=in | name=kindle |
"{31E172E5-BC35-449A-8945-6FD05FD51D64}" = dir=in | name=ebay |
"{39F5E7DA-D488-400D-A317-86F17A98920E}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{3AC048E4-5970-4692-A66F-25399D92328D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E70A288-C93E-4468-A4BE-A2C825258300}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{41FBF5BF-D2CD-4484-9F58-1525040227E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{4400F7C6-D2CA-4D90-A60D-7B2977A0D47F}" = dir=in | app=c:\users\amd\appdata\local\microsoft\skydrive\skydrive.exe |
"{44B30E23-87C1-41F7-AB0A-47DC0066691C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{45A916A4-F8FB-4487-B0E9-D796D483F556}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{462F99F1-D7C0-4E1A-9D96-B2F30497F76C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4661DB78-26DE-43CE-9C38-BC7287A25C87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4670F6A8-5581-4A2F-8B08-CAC9AB68F7A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{47CA98EE-6317-4519-95C2-091977802F5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DBAF439-F67E-4963-8A74-937118BA099E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{522F33DA-7785-482C-874E-68EC384E73E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{541A36C5-FE63-42C3-9D2E-0B0285A8E501}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{56C137EA-F1D0-4275-95A6-C77ED8D1C819}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5770A021-6299-4D4E-9D62-D1A9F1FC3B1F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{586CF18A-7338-409E-B2E0-154005FC6FF8}" = dir=out | name=hp registration |
"{5B37932A-5F45-4FB1-969A-1F9B34146B86}" = dir=out | name=hp connected photo powered by snapfish |
"{5B6E46CA-D45D-454C-B504-E6EBA84E9757}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{60382E62-3F7F-42EF-A530-7D900BA03523}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{6757693A-E0CD-4E33-B562-D61322BFD585}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
"{68263388-1E77-4D7E-AEDA-C641DF550C30}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{68751FDE-1BB0-495A-B7A3-4250AC3719AB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{69006A16-FCBC-45ED-A653-64E1DC87ADBF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{6AC75E96-7961-4F97-A157-DB4BB00B4DE5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxdufax.exe |
"{6C4C1563-FFB4-4F07-BF04-77870DE629BD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6CE3098B-8C03-46B5-917A-7C306E7552C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{6E8A0F94-5EF7-4D16-87D8-3552CB119699}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{6EAD3CB5-DAE2-4ECD-A5F8-FFE5FA608B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB9AB67-37F5-4F6A-8BB7-CCA51DAF1983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{722922C7-A344-4CED-B29A-730B27C199A7}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{7B434BDC-BB1C-4E57-932C-A8601C19B3B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7C32113B-96D7-4C6B-8F47-E6B6CF02A8D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D165BFA-E7D1-41FB-B29A-A38EB6A5C2CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E56A8E7-A2DE-4A4B-BE95-DFF2A0D9A4F4}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81C0D551-6493-446E-A9F3-20340A14F480}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{89C2093D-606B-444E-8807-95A19F62750F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D0A1E8F-5C85-4E4C-A35C-B13A45A4A7FC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{90CEE412-7AE4-48D7-B8E4-476184931B18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92A0DC8B-EF26-44FF-A622-FCD327EE8068}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{945390AF-4A20-410B-9EAA-9A1E8E236A79}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9827D4F6-6F5C-4950-AD53-552107ABA5B4}" = dir=in | app=c:\program files (x86)\skypewebplugin\skypewebplugin.exe |
"{A1FFBD94-BCD1-4E11-951A-94A1AE906B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A31ABFCA-3A20-42BF-86D1-95E657662735}" = dir=out | name=norton studio |
"{A3662C8C-B742-40FE-8706-C0CBA96B002E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A3CAC52A-EF6F-4741-A359-E7F2D97D257D}" = dir=out | name=kindle |
"{A4513009-10CD-4D4C-8555-437C9CEA565C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{A98CB131-D708-4CC4-BB1A-4E25C8759F24}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{AE3C4B14-68FB-402D-B18C-C980F8395020}" = protocol=6 | dir=out | app=system |
"{AFD26D94-B68A-49BE-B76F-EBA1CAAD6D5A}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{B9B95AF7-8383-4068-8C38-8DBA56859D20}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B9E82FA9-6B23-425F-A46F-F775B943EF27}" = dir=out | name=getting started with windows 8 |
"{BA8C0997-D6F7-497C-B7D0-7163046AEAEE}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BACC3EFF-09C0-4C47-AD57-8293978D1B1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB04132A-56F3-49EA-B0D3-6A3AD35B085A}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BEC1EDA2-F3C1-4432-A66C-0BD30766FDEB}C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browserprotect\proxy\myproxy.exe |
"{C4CE7621-D451-4E2B-9282-081A8DAF9609}" = dir=out | name=ebay |
"{CE1268B2-BE3F-4B90-BCDE-02E30FD272BA}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{D04D52CB-80DE-400B-8F96-5D1741AB9DD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{D4A7FF9B-9479-4975-B753-39BAC4A75EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA21575C-6C42-4155-9B03-DDCBEBEF0B3B}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{DED9711B-C01A-4C84-B783-B25AF1CFE396}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E024CF18-093A-486B-B80B-65B0C59793C1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{E3592848-13FC-4DE4-B9A8-5E304C203E35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E49893B3-0B6F-4376-9D8E-A2592AA59893}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7DF2A35-2595-4E62-BF26-B4BE1EB3A688}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{F0F50457-F05E-47AC-92CB-0104B3E1690F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F7C2424D-BCDB-460A-A02B-5F96C1F8AF2A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F99F29B0-3023-4D38-8312-D13FF366AA30}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{FA587081-7117-48D1-8FD9-C9BD70E04A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB0609D1-7D20-4B87-8E8F-185F503BACE3}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{FDBD956D-0F67-49EB-ABC6-E580F25BE25A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE8E24DC-B463-4789-8607-A4BA8404AFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FFB8311E-EB27-4A2F-BFB7-D7BE938FD174}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{4090D77F-CD98-4419-B5AB-82C2F0928D05}C:\program files (x86)\browserprotect\proxy\myproxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browserprotect\proxy\myproxy.exe |
"UDP Query User{7FB512B7-079C-493F-B690-90F9B85B1EE2}C:\program files (x86)\browserprotect\proxy\myproxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\browserprotect\proxy\myproxy.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08F2724F-3B6A-91BD-E63F-1B9F8463D097}" = AMD Accelerated Video Transcoding
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{14D155F8-40FC-F843-30C6-8776BF5CEBAA}" = AMD Fuel
"{260090FD-0FA6-46A2-A19F-A566FDC401E8}" = Aero QLaunch Pro
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77BEC163-D389-42c1-91A4-C758846296A5}_is1" = Video downloader 2.0.0.430
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A257DDD7-AFD4-ABEA-0F67-9C3930091B19}" = ccc-utility64
"{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E7EB0FFE-B5E3-4163-A2A1-DD329380664A}" = HP 3D DriveGuard
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Blender" = Blender
"GIMP-2_is1" = GIMP 2.8.4
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{097CB5A1-D19E-F62A-6400-91DBF8D97B17}" = CCC Help Turkish
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{0EF2A1AF-6F24-FD4B-3140-3656CC9A6BEC}" = CCC Help Italian
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{11230C68-9248-D3B8-A0C5-0461D8C0691E}" = CCC Help Dutch
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}" = HP Documentation
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{29A6A747-07ED-DB5E-AD38-5F66B06E8888}" = CCC Help Russian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2BE3A1BC-D155-1D32-9080-685C54689C34}" = CCC Help Korean
"{2F413B34-8C18-328C-E68C-0332AB527CFF}" = CCC Help Czech
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D062C86-0CCA-8F10-A575-3564BD50372C}" = Catalyst Control Center Graphics Previews Common
"{3E2D81D1-5FEE-6E90-2E0C-B8C15F05237A}" = CCC Help Norwegian
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{47B3FDA1-E7F2-D3C3-0970-B9916C5530F3}" = AMD VISION Engine Control Center
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{5CBA9A98-4CAE-92DC-4662-A77268EE1D04}" = CCC Help English
"{5F1C0CF4-49C6-B096-0F72-AA2C319BBEE0}" = CCC Help German
"{608FB285-F572-48DE-AE44-28ABFF3F6BF9}" = Internet Turbo
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{650AA9FB-CA49-A284-8E13-F3732CC20D9A}" = Catalyst Control Center Localization All
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DF0DAF1-BED0-F5BB-B96E-10AA15DF65E7}" = CCC Help Swedish
"{6F03FF16-24BF-4887-9EBA-280CF7657A54}" = COMPUTERBILD-Abzockschutz
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73AD6CBA-D50D-F30C-E579-14389FF41D1D}" = Catalyst Control Center InstallProxy
"{745A24D1-CFF4-45BA-8690-2AD15DA790C4}" = Skype Web Plugin
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7AF962CF-7018-C589-8439-EA7C9F2FA200}" = CCC Help Danish
"{7BB80D45-4024-2E0C-FC0D-45A319CD3F99}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{94BB4B4F-BD6D-4166-A580-F868C8384CA6}" = HP Software Framework
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95A762D1-99E7-F428-99B3-E3CC636C48D9}" = CCC Help Hungarian
"{96DAE3D0-5008-F1FC-186D-0B364071C98C}" = CCC Help French
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B42457E-3781-7293-5643-C722BA43397E}" = CCC Help Greek
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2BCF78-EDAD-A8BC-123D-10E0D9234753}" = CCC Help Chinese Traditional
"{9FEDC691-A307-D525-7D71-EDB97240CFF3}" = CCC Help Chinese Standard
"{AB1F1677-926B-894A-A890-56A3FCD9794B}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACC5984D-6859-874C-B939-058DED2692FA}" = CCC Help Portuguese
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C458E818-0B4F-C961-AFDF-29F172EE5A1B}" = CCC Help Spanish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E175B925-538F-6D69-A9C9-4D0699648752}" = CCC Help Japanese
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E46BF405-4ADF-36F4-A0EA-EF4CDF1A21E6}" = CCC Help Polish
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"Audacity_is1" = Audacity 2.0.3
"autolyrics@man-soft.net" = Auto Lyrics
"BrowserProtect" = BrowserProtect
"Driver Pro_is1" = Driver Pro v3.0
"EazelBar" = EazelBar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"German Truck Simulator" = German Truck Simulator 1.00
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3333)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D)
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NIS" = Norton Internet Security
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdater" = SoftwareUpdater
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Startpage24" = Startpage24
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79c60d07-63bb-40e2-8e4c-572f350a3cac}" = Internet Turbo Engine
"Google Chrome" = Google Chrome
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"Karibu1" = Westermann Karibu 1
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.04.2013 15:40:19 | Computer Name = HP | Source = ATIeRecord | ID = 16391
Description = ATI EEU maximum number of session has been surpassed
Error - 08.04.2013 15:40:24 | Computer Name = HP | Source = ATIeRecord | ID = 16391
Description = ATI EEU maximum number of session has been surpassed
Error - 08.04.2013 15:40:24 | Computer Name = HP | Source = ATIeRecord | ID = 16391
Description = ATI EEU maximum number of session has been surpassed
Error - 08.04.2013 15:40:25 | Computer Name = HP | Source = ATIeRecord | ID = 16391
Description = ATI EEU maximum number of session has been surpassed
Error - 08.04.2013 15:40:41 | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.04.2013 15:40:41 | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15631
Error - 08.04.2013 15:40:41 | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15631
Error - 08.04.2013 23:35:59 | Computer Name = HP | Source = ATIeRecord | ID = 16391
Description = ATI EEU maximum number of session has been surpassed
Error - 08.04.2013 23:36:08 | Computer Name = HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel:
0x5121f458 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel:
0x505aaa82 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000da94f ID des fehlerhaften Prozesses:
0x1e4 Startzeit der fehlerhaften Anwendung: 0x01ce34d35a111cad Pfad der fehlerhaften
Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 9d5b6fa5-a0c6-11e2-be89-38eaa7db6372
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 08.04.2013 23:38:43 | Computer Name = HP | Source = MsiInstaller | ID = 10005
Description =
[ System Events ]
Error - 24.03.2013 11:24:30 | Computer Name = HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 24.03.2013 14:02:22 | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 24.03.2013 14:02:22 | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 25.03.2013 12:32:54 | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 25.03.2013 12:32:54 | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 25.03.2013 12:33:39 | Computer Name = HP | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 12:33:39 | Computer Name = HP | Source = DCOM | ID = 10016
Description =
Error - 28.03.2013 19:40:42 | Computer Name = HP | Source = DCOM | ID = 10010
Description =
Error - 29.03.2013 09:39:52 | Computer Name = HP | Source = DCOM | ID = 10010
Description =
Error - 29.03.2013 09:40:49 | Computer Name = HP | Source = DCOM | ID = 10010
Description =
< End of report >
Darf ich die Programme jetzt schließen? Soll auf irgendetwas achten? |
|
12.04.2013, 23:28
| #7 |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen! Hallo, ja, den AdwCleaner und OTL kannst du schliessen. Wir sind aber noch nicht ganz fertig. Siehst du noch irgendwo etwas von snap.do? Schritt 1 Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
13.04.2013, 00:05
| #8 |
| | Snap.do entfernen. Ich finde keine Lösungen! Ja, ich sehe Snap.do. Wenn ich einen neuen Tab öffne, sieht man oben snap.do. Mit Rechtsklick kann man das löschen, obs aber dann ganz weggeht? Soll ich es löschen? |
|
13.04.2013, 00:11
| #9 |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen! In welchem Browser? Im Chrome? Mach bitte auch noch den obigen Scan, der geht schnell.
__________________ cheers, Leo |
|
13.04.2013, 00:16
| #10 |
| | Snap.do entfernen. Ich finde keine Lösungen! SystemLook 30.07.11 by jpshortstuff Log created at 01:07 on 13/04/2013 by AMD Administrator - Elevation successful ========== filefind ========== Searching for "*eazel*" No files found. ========== folderfind ========== Searching for "*eazel*" C:\Program Files (x86)\EazelBar d------ [17:11 18/02/2013] ========== regfind ========== Searching for "eazel" [HKEY_CURRENT_USER\Software\EazelBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}] @="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE4282F6-CA16-4ba9-BC8C-197F1D07E426}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] @="EazelBar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}] @="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE4282F6-CA16-4ba9-BC8C-197F1D07E426}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] @="EazelBar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBD839AE-B08C-4fb7-859B-F54AF16C159F}"="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] @="EazelBar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EazelBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EazelBar] "Path"="C:\Program Files (x86)\EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EBD839AE-B08C-4fb7-859B-F54AF16C159F}"="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] @="EazelBar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "DisplayName"="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "DisplayVersion"="EazelBar 1.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "Publisher"="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "URLInfoAbout"="hxxp://search.eazel.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "DisplayIcon"="C:\Program Files (x86)\EazelBar\uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar] "UninstallString"="C:\Program Files (x86)\EazelBar\uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions] "{EBD839AE-B08C-4fb7-859B-F54AF16C159F}"="C:\Program Files (x86)\EazelBar\Firefox" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Vittalia\AxtanInstaller\versions\659705] "PartnerKeyword"="EAZELDE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}] @="EazelBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4282F6-CA16-4ba9-BC8C-197F1D07E426}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] @="EazelBar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\InprocServer32] @="C:\Program Files (x86)\EazelBar\Toolbar32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Updater Service for EazelBar] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Updater Service for EazelBar] "ImagePath"="C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Updater Service for EazelBar] "DisplayName"="Updater Service for EazelBar" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Updater Service for EazelBar] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Updater Service for EazelBar] "ImagePath"="C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Updater Service for EazelBar] "DisplayName"="Updater Service for EazelBar" [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\EazelBar] [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://search.eazel.com?id=FC80225D0B214945841FC1FC28EC5A06" [HKEY_USERS\S-1-5-21-4168891922-4078455343-2189293659-1002\Software\EazelBar] [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\EazelBar] [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://search.eazel.com?id=FC80225D0B214945841FC1FC28EC5A06" Searching for " " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark 5600-6600 Series (Network)] "PrintCapabilites"="<?xml version="1.0"?> <psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns  sk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlnssf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments"><psf:Option name="psk:Collated"> <psf:Property name="lps  efault"/><psf:Property name="lps MValue"><psf:Value xsi:type="xs:integer">1</psf:Value> </psf:Property> <psf:Property name="psk isplayName"><psf:Value xsi:type="xs:string">Ein</psf:Value></psf:Propert[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1\Target Id 0\Logical Unit Id 0] "SerialNumber"="SGC3524864 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="3.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Reso [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="28800" RunAsUser="" RunAsPassword="" AutoRestart="false" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="3.0"/> <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/> <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/> <Param Name="SessionConfigurationData" Value=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32] "ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="3.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LexmarkInkjet\App List Manager] "AppList"=" <APP> <FRIENDLY_NAME>Acrobat Reader</FRIENDLY_NAME> <PATH>C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe</PATH> <DEFAULT_FILE_TYPE>PDF</DEFAULT_FILE_TYPE> <SUPPORTED_FILE_TYPES>PDF</SUPPORTED_FILE_TYPES> </APP> <APP> <FRIENDLY_NAME>Internet Expl.</FRIENDLY_NAME> <PATH>C:\Program Files\Internet Explorer\IEXPLORE.EXE</PATH> <DEFAULT_FILE_TYPE>JPG</DEFAULT_FILE_TYPE> <SUPPORTED_FILE_TYPES>JPG</SUPPORTED_FILE_TYPES> </APP> <APP> <FRIENDLY_NAME>MS Paint</FRIENDLY_NAME> <PATH>C:\Windows\system32\mspaint.exe</PATH> <DEFAULT_FILE_TYPE>BMP</DEFAULT_FILE_TYPE> <SUPPORTED_FILE_TYPES>BMP,TIF,JPG</SUPPORTED_FILE_TYPES> </APP> <APP> <FRIENDLY_NAME>Editor</FRIENDLY_NAME> <PATH>C:\Windows\system32\NOTEPAD.EXE</PATH> <DEFAULT_ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#02FF6FC9662908&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_U1&REV_1.0#356810034061400&0#] "DeviceDesc"="U1 " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#02FF6FC9662908&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_U1&REV_1.0#356810034061400&0 #] "DeviceDesc"="U1 " [HKEY_USERS\S-1-5-21-4168891922-4078455343-2189293659-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark 5600-6600 Series (Network)] "PrintCapabilites"="<?xml version="1.0"?> <psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns sk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlnssf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments"><psf:Option name="psk:Collated"> <psf:Property name="lps efault"/><psf:Property name="lps MValue"><psf:Value xsi:type="xs:integer">1</psf:Value> </psf:Property> <psf:Property name="psk isplayName"><psf:Value xsi:type=-= EOF =- habe ichs falsch gemacht? Soll ich nochmal posten? Ja, im Chrome! ich glaube, ich hab das 2 mal gepostet. Stimmt das? |
|
13.04.2013, 00:26
| #11 |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen! Hallo, nein, alles richtig gemacht.  Schritt 1
Schritt 2
Schritt 3
Code:
ATTFilter :OTL
O2 - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll ()
O3:64bit: - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
O3 - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll ()
O2:64bit: - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: C:\Program Files (x86)\EazelBar\Firefox [2013.02.18 19:11:41 | 000,000,000 | ---D | M]
SRV - [2012.06.13 14:32:04 | 000,222,720 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe -- (Updater Service for EazelBar)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=61&cztbid=363967391&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=61&cztbid=363967391&q={searchTerms}
MOD - [2013.02.06 16:24:02 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe
MOD - [2013.02.06 16:24:02 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\BrowserProtect\proxy\zlibwapi.dll
SRV - [2013.02.14 10:05:56 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
:files
C:\Program Files (x86)\BrowserProtect
C:\ProgramData\GinyasBrowserCompanion
C:\Program Files (x86)\EazelBar
:reg
[-HKEY_CURRENT_USER\Software\EazelBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EazelBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar]
:commands
[emptytemp]
Schritt 4 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
13.04.2013, 00:53
| #12 |
| | Snap.do entfernen. Ich finde keine Lösungen! All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. File C:\Program Files (x86)\EazelBar\Toolbar32.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. File C:\Program Files (x86)\EazelBar\Toolbar64.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. File C:\Program Files (x86)\EazelBar\Toolbar32.dll not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. File C:\Program Files (x86)\EazelBar\Toolbar64.dll not found. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. File C:\Program Files (x86)\EazelBar\Firefox not found. Error: No service named Updater Service for EazelBar was found to stop! Service\Driver key Updater Service for EazelBar not found. File C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Releasing module C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe C:\Program Files (x86)\BrowserProtect\proxy\myProxy.exe moved successfully. Releasing module C:\Program Files (x86)\BrowserProtect\proxy\zlibwapi.dll C:\Program Files (x86)\BrowserProtect\proxy\zlibwapi.dll moved successfully. Error: Unable to stop service srvBrowserProtect! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvBrowserProtect deleted successfully. C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe moved successfully. ========== FILES ========== C:\Program Files (x86)\BrowserProtect\proxy folder moved successfully. C:\Program Files (x86)\BrowserProtect folder moved successfully. C:\ProgramData\GinyasBrowserCompanion folder moved successfully. File\Folder C:\Program Files (x86)\EazelBar not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\EazelBar\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EazelBar\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AMD ->Temp folder emptied: 891109163 bytes ->Temporary Internet Files folder emptied: 358703234 bytes ->Google Chrome cache emptied: 396535886 bytes ->Flash cache emptied: 2554 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 47850992 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.616,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04132013_014224 Files\Folders moved on Reboot... File move failed. C:\Users\AMD\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.04.2013 01:56:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AMD\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,47 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 58,35% Memory free
4,10 Gb Paging File | 2,42 Gb Available in Paging File | 59,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,57 Gb Total Space | 400,21 Gb Free Space | 89,22% Space Free | Partition Type: NTFS
Drive D: | 16,42 Gb Total Space | 2,10 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Computer Name: HP | User Name: AMD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2013.04.13 01:54:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AMD\Downloads\OTL (2).exe
PRC - [2013.03.14 18:43:20 | 000,188,760 | ---- | M] () -- C:\Programme\Video downloader\ExtensionUpdaterService.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.27 19:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012.03.28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.01.02 04:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.09.11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.12.12 01:09:49 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.10.09 04:23:11 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.09 04:23:11 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.10.09 04:23:11 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
MOD - [2012.09.28 23:41:48 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2012.09.14 00:04:14 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.07.27 01:08:38 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.07.27 01:08:38 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012.07.27 01:08:38 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012.07.27 01:08:38 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.07.27 01:08:38 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.07.27 01:08:38 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.07.27 01:08:38 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012.07.27 01:08:38 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2012.07.26 05:19:14 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2012.06.08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2012.01.02 04:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008.09.10 11:56:27 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008.09.10 11:56:14 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008.09.10 11:56:12 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
MOD - [2008.09.10 11:40:31 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008.05.23 14:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.08.23 17:18:14 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2012.08.10 16:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.08.09 08:45:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.08.08 11:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009.10.16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009.10.16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2013.03.29 20:52:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.14 18:43:20 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Video downloader\ExtensionUpdaterService.exe -- (Video downloader Updater)
SRV - [2013.02.07 14:04:30 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.21 18:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.07.14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.10.16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.12.04 15:47:30 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 12:18:30 | 000,083,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.06 17:55:24 | 000,323,584 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.24 11:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.08.24 11:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.24 11:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012.08.10 16:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.08.10 16:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.08.09 10:03:32 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.08.09 07:48:20 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.07 12:51:18 | 000,141,256 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.08.03 15:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012.07.31 21:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.31 10:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.24 11:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.07.24 11:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.07.24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.07.21 18:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.07.18 06:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.07.04 00:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012.06.25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.23 07:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012.06.20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.19 16:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.29 19:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 19:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.04.09 14:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.15 23:03:18 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130412.016\ex64.sys -- (NAVEX15)
DRV - [2013.02.15 23:03:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.02.15 23:03:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.02.15 23:03:18 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130412.016\eng64.sys -- (NAVENG)
DRV - [2013.02.14 08:05:36 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130411.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.01.11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/02/18 18:32:23] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{28A1AFBC-2A66-4FD6-8237-7EAF11857F60}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.eazel.com?id=FC80225D0B214945841FC1FC28EC5A06
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.eazel.com?id=FC80225D0B214945841FC1FC28EC5A06
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype.com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64c;Version=5: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\AMD\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\AMD\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX [2013.03.29 20:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.04.12 23:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.02.15 15:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\ProgramData\Startpage24\Plugin\firefox [2013.02.21 22:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox [2013.03.29 20:43:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.03 13:16:26 | 000,000,000 | ---D | M]
[2013.02.15 22:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\AMD\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Users\AMD\AppData\Roaming\Mozilla\plugins\NpFv530.dll
CHR - plugin: Skype Web Plugin (Enabled) = C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Startpage24 Startpage (Enabled) = C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll
CHR - plugin: Startpage24 Startpage (Enabled) = C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll
CHR - plugin: Google Update (Enabled) = C:\Users\AMD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Startpage24 Extension = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjedieekahkckccfclnacnooabafgjg\0.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Google Mail = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Auto Lyrics = C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\
O1 HOSTS File: ([2013.02.24 10:29:22 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 google-analytics.com
O2:64bit: - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Programme\Video downloader\Extension64.dll ()
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Programme\Video downloader\Extension32.dll ()
O2 - BHO: (Startpage24 Browser Helper) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll (Link64 GmbH)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O4 - Startup: C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4168891922-4078455343-2189293659-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C586592-6EAF-4C19-9872-AF5FFA65C43D}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46EA0735-FC39-49DE-96DB-6485C85FD43E}: DhcpNameServer = 40.20.1.201 40.20.1.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C82F9C-609E-4ABC-80F2-5C97022DD01D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB937A27-6165-4ECF-B9DC-135084409E1F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\startpage24 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\startpage24 {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll (Link64 GmbH)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{021262b5-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun
O33 - MountPoints2\{021262b5-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence
O33 - MountPoints2\{02126400-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun
O33 - MountPoints2\{02126400-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence
O33 - MountPoints2\{021264be-776e-11e2-be73-38eaa7db6372}\Shell - "" = AutoRun
O33 - MountPoints2\{021264be-776e-11e2-be73-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence
O33 - MountPoints2\{e7682d96-77a2-11e2-be74-38eaa7db6372}\Shell - "" = AutoRun
O33 - MountPoints2\{e7682d96-77a2-11e2-be74-38eaa7db6372}\Shell\AutoRun\command - "" = "F:\setup_vmc_lite.exe" /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.13 01:42:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.06 14:06:13 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\MAGIX Downloads
[2013.04.06 14:06:12 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\MAGIX
[2013.04.06 14:05:02 | 000,487,424 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2013.04.06 14:05:02 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2013.04.06 14:05:02 | 000,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2013.04.06 14:05:02 | 000,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2013.04.06 14:05:02 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2013.04.06 14:05:02 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2013.04.06 14:05:02 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2013.04.06 14:05:02 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2013.04.06 14:05:02 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2013.04.06 14:05:02 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2013.04.06 14:05:02 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2013.04.06 14:05:02 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2013.04.06 14:05:02 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2013.04.06 14:05:02 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2013.04.06 14:05:02 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2013.04.06 14:05:02 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2013.04.06 14:05:02 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2013.04.06 14:05:02 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2013.04.06 14:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.04.06 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\MAGIX_MusicMaker15_for_MySpace
[2013.04.06 14:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.04.06 14:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.04.06 14:02:48 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2013.04.06 14:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2013.04.04 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
[2013.04.04 17:02:05 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\SafeNet Sentinel
[2013.04.04 17:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2013.04.04 17:01:50 | 000,083,072 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2013.04.04 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2013.04.04 17:01:45 | 004,412,872 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe
[2013.04.04 17:01:45 | 004,412,872 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\aksllmtp.exe
[2013.04.04 17:01:44 | 000,141,256 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\aksfridge.sys
[2013.04.04 17:01:40 | 000,323,584 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2013.04.04 17:01:29 | 000,198,088 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll
[2013.04.04 16:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightworks
[2013.04.04 16:51:22 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Audacity
[2013.04.04 16:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.04.04 16:37:10 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\HPConnectedMusic
[2013.04.04 16:25:29 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\fontconfig
[2013.04.04 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\gegl-0.2
[2013.04.04 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\AMD\.gimp-2.8
[2013.04.04 16:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.03 19:29:19 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.30 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\MultiSkypeLauncher
[2013.03.30 18:53:16 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
[2013.03.30 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiSkypeLauncher
[2013.03.30 14:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2013.03.30 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2013.03.29 22:21:35 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\Youcam
[2013.03.29 20:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Video downloader
[2013.03.29 01:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.03.29 01:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.29 01:38:07 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\DVDVideoSoft
[2013.03.29 01:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.26 20:14:40 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westermann Multimedia
[2013.03.26 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Westermann
[2013.03.25 23:45:49 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\German Truck Simulator
[2013.03.25 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2013.03.25 23:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2013.03.25 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2013.03.25 19:01:11 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\Abelssoft
[2013.03.25 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.03.25 18:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader
[2013.03.25 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Song Downloader
[2013.03.25 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Nico Mak Computing
[2013.03.25 18:07:18 | 000,019,840 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2013.03.25 18:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2013.03.25 18:05:22 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\uTorrent
[2013.03.18 13:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series
[2013.03.18 13:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 5600-6600 Series
[2013.03.18 13:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5600-6600 Series
[2013.03.18 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\ElevatedDiagnostics
[2013.03.18 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2013.03.17 23:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.17 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.17 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.13 01:55:45 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 01:55:45 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 01:55:45 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 01:55:45 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 01:55:45 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 01:52:09 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.04.13 01:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 01:48:05 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.13 01:48:01 | 2981,527,552 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 01:42:10 | 000,002,670 | ---- | M] () -- C:\Users\AMD\Desktop\Google Chrome.lnk
[2013.04.13 01:37:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002UA.job
[2013.04.13 01:36:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 01:15:03 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_AMD.job
[2013.04.12 23:21:54 | 000,344,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 23:18:16 | 000,000,158 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.11 19:37:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002Core.job
[2013.04.06 14:05:11 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2013.04.04 19:42:02 | 000,001,477 | ---- | M] () -- C:\Users\AMD\AppData\Local\recently-used.xbel
[2013.03.30 18:53:17 | 000,001,189 | ---- | M] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
[2013.03.18 13:40:27 | 000,182,891 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2013.03.18 13:38:54 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK
[2013.03.18 00:39:36 | 000,000,649 | ---- | M] () -- C:\ProgramData\cl1578181498.xml
[2013.03.17 21:38:14 | 000,014,127 | ---- | M] () -- C:\Users\AMD\Documents\untitled_1.odt
[2013.03.17 21:38:14 | 000,011,558 | ---- | M] () -- C:\Users\AMD\Documents\untitled_0_1.odt
[2013.03.14 23:45:37 | 000,074,682 | ---- | M] () -- C:\Users\AMD\Documents\Krankheitsbestätigung.pdf
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.12 23:17:54 | 000,000,158 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 11:42:11 | 000,002,619 | ---- | C] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.06 14:05:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2013.04.06 14:05:02 | 000,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2013.04.06 14:03:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.04.06 14:02:48 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013.04.04 19:42:02 | 000,001,477 | ---- | C] () -- C:\Users\AMD\AppData\Local\recently-used.xbel
[2013.04.04 16:50:53 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.04.03 19:29:19 | 000,002,670 | ---- | C] () -- C:\Users\AMD\Desktop\Google Chrome.lnk
[2013.04.03 19:27:32 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002UA.job
[2013.04.03 19:27:30 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168891922-4078455343-2189293659-1002Core.job
[2013.03.30 18:53:16 | 000,001,189 | ---- | C] () -- C:\Users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
[2013.03.29 20:52:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 20:01:10 | 000,344,208 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 13:38:54 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK
[2013.03.18 13:37:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdurwrd.ini
[2013.03.18 13:37:11 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2013.03.18 13:37:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2013.03.18 13:37:11 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2013.03.18 13:37:11 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2013.03.18 13:37:10 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2013.03.18 13:37:09 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2013.03.18 13:37:09 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2013.03.18 13:37:09 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2013.03.18 13:37:08 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2013.03.18 13:37:08 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2013.03.18 13:37:08 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2013.03.18 13:37:08 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2013.03.18 13:37:08 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2013.03.18 13:37:08 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2013.03.18 13:37:07 | 000,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDUhcp.dll
[2013.03.18 13:37:07 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDUinst.dll
[2013.03.18 13:37:07 | 000,001,867 | ---- | C] () -- C:\Windows\SysWow64\lxdu.loc
[2013.03.18 13:36:56 | 000,182,891 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2013.03.18 11:59:57 | 000,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdugrd.dll
[2013.03.18 11:59:36 | 000,521,216 | ---- | C] ( ) -- C:\Windows\SysNative\lxduih.exe
[2013.03.18 11:59:35 | 001,661,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxduserv.dll
[2013.03.18 11:59:35 | 001,338,368 | ---- | C] ( ) -- C:\Windows\SysNative\lxduusb1.dll
[2013.03.18 11:59:35 | 001,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomc.dll
[2013.03.18 11:59:35 | 001,039,360 | ---- | C] ( ) -- C:\Windows\SysNative\lxducoms.exe
[2013.03.18 11:59:35 | 000,987,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxdupmui.dll
[2013.03.18 11:59:35 | 000,897,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdulmpm.dll
[2013.03.18 11:59:35 | 000,580,608 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomm.dll
[2013.03.18 11:59:35 | 000,548,352 | ---- | C] ( ) -- C:\Windows\SysNative\lxduinpa.dll
[2013.03.18 11:59:35 | 000,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxduiesc.dll
[2013.03.18 11:59:34 | 001,091,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxduhbn3.dll
[2013.03.18 11:59:34 | 000,610,304 | ---- | C] ( ) -- C:\Windows\SysNative\lxducfg.exe
[2013.03.18 00:39:36 | 000,000,649 | ---- | C] () -- C:\ProgramData\cl1578181498.xml
[2013.03.17 22:32:46 | 000,014,127 | ---- | C] () -- C:\Users\AMD\Documents\untitled_1.odt
[2013.03.17 22:32:46 | 000,011,558 | ---- | C] () -- C:\Users\AMD\Documents\untitled_0_1.odt
[2013.03.14 23:45:36 | 000,074,682 | ---- | C] () -- C:\Users\AMD\Documents\Krankheitsbestätigung.pdf
[2013.02.24 21:51:46 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.02.17 18:17:07 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2013.02.17 18:17:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2013.02.17 18:10:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2013.02.15 21:58:21 | 000,000,306 | RHS- | C] () -- C:\Users\AMD\ntuser.pol
[2012.08.24 12:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.09 08:10:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.09 08:10:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.05.10 17:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2012.08.24 12:49:27 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.17 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\5600-6600 Series
[2013.02.21 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\AntiBrowserSpy 2009
[2013.02.21 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Ashampoo
[2013.04.04 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Audacity
[2013.02.26 16:40:11 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Blender Foundation
[2013.02.24 21:13:54 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Driver Pro
[2013.03.29 01:38:29 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\DVDVideoSoft
[2013.02.21 20:43:46 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Kingsoft
[2013.04.06 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\MAGIX
[2013.03.30 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\MultiSkypeLauncher
[2013.03.25 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Nico Mak Computing
[2013.02.24 21:34:42 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\OpenOffice.org
[2013.02.21 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Stardock
[2013.02.15 16:01:17 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Synaptics
[2013.02.15 21:44:32 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\TuneUp Software
[2013.03.26 01:26:30 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\uTorrent
[2013.02.15 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Vodafone
[2013.02.24 18:14:43 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
|
|
13.04.2013, 01:22
| #13 |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen! Jep, gut. Ist snap.do jetzt ganz weg? Schritt 1 Downloade dir bitte Malwarebytes Anti-Malware .
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
13.04.2013, 01:43
| #14 |
| | Snap.do entfernen. Ich finde keine Lösungen! Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.12.14 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16519 AMD :: HP [Administrator] Schutz: Aktiviert 13.04.2013 02:36:30 mbam-log-2013-04-13 (02-36-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209350 Laufzeit: 4 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) bei der ersten Schritt habe ich das mit den "Ergebnissen anzeigen und dann alle löschen" nicht verstanden. Wo steht da Ergebnisse anzeigen? soll ich mit der 2. Schritt beginnen oder muss ich da was löschen? |
|
13.04.2013, 01:58
| #15 | |
| /// TB-Ausbilder | Snap.do entfernen. Ich finde keine Lösungen!Zitat:
__________________ cheers, Leo |
|
| Themen zu Snap.do entfernen. Ich finde keine Lösungen! |
| deinstalliere, deinstallieren, einiger, einstellungen, entferne, entfernen, formiert, gefunde, gen, google, herunterladen, installier, installiert, kommt wieder, kostet, lösungen, monate, nichts, probiert, problem, programm, programme, snap.do, spyhunter, vorgehen, wegzukriegen |
Textbox.
Linear-Darstellung
