Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: e.ligatus.com taucht bei mir in Internet Explorer auch auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.05.2013, 16:45   #1
Kman112
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Hallo zusammen,

ab und an wird bei mir auch ein neues und leeres IE Fenster geöffnet mit der URL e.ligatus.com. Ich habe es erstmal ignoriert, da ich ICQ7M stetig im Hintergrund laufen lasse und manchmal bin ich so blöd und klicke versehentlich auf irgendwelche Werbebanner und muss das Fenster dann schliessen. Aber es ist gestern zwei mal passiert obwohl ich in ICQ gar nicht unterwegs war. Daraufhin habe ich die URL gegoogelt und habe die Themen hier gesehen und dachte ich würde mich auch anschliessen.

Das Fenster mit der URL taucht seit etwas mehr als einen Monat nur ab und an auf aber von besonders Häufig wäre vielleicht zu viel gesagt. Ich habe gestern und heute mein Rechner mit Norton Antivirus + Trend Micro Housecall sowie Malwarebytes geprüft und mir wird nichts gezeigt. Immerhin, hier die Malwarebytes, OTL, Extras und Gmer-Logs:

Malwarebytes:
Zitat:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kevin :: KEVIN-PC [Administrator]

Schutz: Aktiviert

5/27/2013 4:53:58 PM
mbam-log-2013-05-27 (16-53-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241297
Laufzeit: 10 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/27/2013 8:47:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 46.25% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.69 Gb Total Space | 195.26 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive D: | 14.10 Gb Total Space | 2.02 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 89.32 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive F: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 149.01 Gb Total Space | 80.68 Gb Free Space | 54.15% Space Free | Partition Type: FAT32
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/27 08:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2013/05/27 08:27:12 | 000,050,477 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45OT0GAS\Defogger.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/08/04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
PRC - [2011/01/09 05:29:34 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/01/09 05:29:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/12/29 14:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/27 08:27:12 | 000,050,477 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45OT0GAS\Defogger.exe
MOD - [2013/05/16 01:41:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 01:41:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 01:41:17 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 01:41:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 01:40:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/15 09:18:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/09 22:18:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 22:18:37 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll
MOD - [2013/01/09 22:18:37 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\521a6a2a0bdc82ad5f0ec5aecb6b8c82\IAStorCommon.ni.dll
MOD - [2013/01/09 22:16:46 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 22:16:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 22:16:28 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 22:15:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 22:15:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 22:15:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 22:15:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/20 20:20:35 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/17 03:43:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/09 18:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 18:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 18:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 18:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 18:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 18:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 18:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 18:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/03/03 09:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/05/12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/01/09 05:29:34 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/01/09 05:29:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/05 12:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/01/04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/11/18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/20 06:08:30 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/22 04:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/22 04:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/04 06:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 23:11:12 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/30 04:26:53 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/03/03 09:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/03/03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 08:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/28 19:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/07 20:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 20:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 20:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 20:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/22 05:56:18 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130526.007\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 05:56:18 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130526.007\eng64.sys -- (NAVENG)
DRV - [2013/04/13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130515.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/25 22:29:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130524.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 06:42:20 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/09/23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {15EA269E-3BA7-4EBE-9F9D-C7C16E8E00F7}
IE - HKLM\..\SearchScopes\{15EA269E-3BA7-4EBE-9F9D-C7C16E8E00F7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {15EA269E-3BA7-4EBE-9F9D-C7C16E8E00F7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{15EA269E-3BA7-4EBE-9F9D-C7C16E8E00F7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{839E6EDD-9112-4D28-8504-3CA11D160B1D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D2187F4C-96B8-4F21-9634-603369FCD572&apn_sauid=D6651F6B-AECB-4F48-AADE-9394DADE7BF7
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/20 18:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013/05/26 04:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/25 19:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 00:54:04 | 000,000,000 | ---D | M]
 
[2011/01/01 01:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2013/05/22 04:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hn2f5ld4.default\extensions
[2012/09/02 15:02:43 | 000,002,299 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hn2f5ld4.default\searchplugins\askcom.xml
[2011/01/17 01:09:54 | 000,001,834 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hn2f5ld4.default\searchplugins\bing.xml
[2013/04/04 23:29:42 | 000,002,376 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hn2f5ld4.default\searchplugins\icq.xml
[2013/05/25 19:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/23 00:54:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/23 00:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/23 00:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/23 00:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/23 00:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/05/25 19:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/25 19:48:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BEC4772-4502-4C9F-A3C0-32BB9276AEBA}: DhcpNameServer = 10.255.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D16755C-645A-42DF-A5A8-2CEADF00BD92}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/03 16:01:02 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/27 08:30:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/05/27 00:27:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2013/05/27 00:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/27 00:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/27 00:27:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/27 00:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/27 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Programs
[2013/05/23 00:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/22 19:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/22 19:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/22 19:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/22 19:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/22 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 01:08:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013/05/10 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A02EF8DB-124D-49D0-8022-39D43A4A50E3}
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/27 08:31:31 | 000,001,629 | ---- | M] () -- C:\Users\Kevin\Documents\malware bytes.rtf
[2013/05/27 08:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/05/27 08:28:05 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\defogger_reenable
[2013/05/27 08:04:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-303341459-1129224425-2395320912-1000UA.job
[2013/05/27 00:32:31 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 00:32:31 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/27 00:32:31 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 00:32:31 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/27 00:32:31 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 00:27:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/26 22:52:07 | 001,029,167 | ---- | M] () -- C:\Users\Kevin\AppData\Local\census.cache
[2013/05/26 22:51:56 | 000,119,786 | ---- | M] () -- C:\Users\Kevin\AppData\Local\ars.cache
[2013/05/26 19:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-303341459-1129224425-2395320912-1000Core.job
[2013/05/26 17:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/26 04:24:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 04:24:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 04:15:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 19:48:35 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/24 03:04:30 | 000,002,364 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2013/05/22 19:14:03 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/16 23:42:25 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/16 01:35:53 | 000,424,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/06 22:44:10 | 640,967,083 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/01 14:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKevin.job
[2013/04/29 22:34:19 | 000,001,091 | ---- | M] () -- C:\Users\Kevin\Documents\Dokumente - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/27 08:31:31 | 000,001,629 | ---- | C] () -- C:\Users\Kevin\Documents\malware bytes.rtf
[2013/05/27 08:28:05 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\defogger_reenable
[2013/05/27 00:27:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/22 19:14:02 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/29 22:34:19 | 000,001,091 | ---- | C] () -- C:\Users\Kevin\Documents\Dokumente - Verknüpfung.lnk
[2012/05/05 20:45:49 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/02/21 22:59:09 | 001,029,167 | ---- | C] () -- C:\Users\Kevin\AppData\Local\census.cache
[2012/02/21 22:58:21 | 000,119,786 | ---- | C] () -- C:\Users\Kevin\AppData\Local\ars.cache
[2012/02/21 22:47:46 | 000,000,036 | ---- | C] () -- C:\Users\Kevin\AppData\Local\housecall.guid.cache
[2011/02/28 22:06:38 | 000,001,854 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\GhostObjGAFix.xml
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/10 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Haufe
[2013/05/27 08:29:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ICQ
[2011/01/16 04:43:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony
[2012/11/20 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/27/2013 8:47:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 46.25% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.69 Gb Total Space | 195.26 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive D: | 14.10 Gb Total Space | 2.02 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 89.32 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive F: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 149.01 Gb Total Space | 80.68 Gb Free Space | 54.15% Space Free | Partition Type: FAT32
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01564CB8-A02F-4A56-A198-53624E874C1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{04438190-2DDE-4E74-BAB3-0CF1D3304B84}" = rport=445 | protocol=6 | dir=out | app=system | 
"{092C98F6-BC49-44BE-9AD3-33DA6B3DD9B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{15050FD2-FFF5-4361-82F1-4ADB0A16ABB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{457CEE39-FF67-4848-AA26-557F60C82AE5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{45AD533E-AC13-42D8-857E-F43953C1FB49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{517A7AFD-3E08-4461-953A-2348CE3412AB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5346D2C4-5BC5-4088-B839-96EB3E0C426B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{54A37D98-E988-43C2-91CF-B601286DFFE8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{584A0F2A-AB0D-4343-BDE8-4CDE992F5F35}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6740FE82-2167-410C-A809-2D8CC8E0B18C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7567E773-424B-4314-AF5B-C7AC31FB44D5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7F90B070-6118-438B-AA35-84FC39687DED}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8FEA8F0E-DC56-4983-A9AE-5304836A2C94}" = rport=137 | protocol=17 | dir=out | app=system | 
"{94192A66-E718-4666-9841-BEF27D715861}" = rport=139 | protocol=6 | dir=out | app=system | 
"{947CB317-099C-4852-87CF-A343B7EB409E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95E2E2A1-B0C9-400A-90F0-2E4B4796EBB4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D15CD24-2791-4CDB-9946-001B62ED8CC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A77DE921-3810-4F19-932E-6EE84421AD08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B17A044C-57D1-4F47-8F0C-9CE2F42F39DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA86D78D-1864-452E-B584-BBC705BAC1B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C08262C3-73E0-4B38-9B2C-B987CB4141CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C6BD612C-91F5-4141-94B2-02B652D3755E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DA0B825A-4FC9-489F-B2A3-548D14A6B9DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E90AE0BC-FB07-4392-AB46-746C2F8F473F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ED293148-D2F3-4AF1-A543-CFAD414CDC33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C2F78B-9C01-4684-AFE9-325FAE294879}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{07D6E66A-8F55-4569-91DA-3445DC09CD73}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0BD4CCD3-53E9-4FDF-8E15-02700F5B3F58}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0E1C151C-C08C-4388-AC44-84CBB9C8D5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0E89D6E2-39A1-4592-914D-C6C74015B8E8}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{103511E9-2680-4327-BF8A-B06231E8D054}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{12D8CE1E-298C-470E-8781-996D394E9466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14FC562E-E608-431F-BA2C-34295914690D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15FDE3DA-0A0E-4184-9188-4DC5E18D60C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1D7130DD-3CFC-4FB1-9B20-CBFECBE15225}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1F4AB24C-B95B-4299-9C63-CD8F8E3546AE}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\icqm\icq.exe | 
"{2164D490-4557-4E19-9415-629EBD1B303D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2ACE39FE-469D-48AF-A86E-BFE4D43D9C62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32AB1DDC-24DD-4E69-A321-B1419C1C92A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{349D2020-D997-4AF4-94BB-86FAAC53DDE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{38557FB2-AC06-4D98-B2FF-F5296092CDA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3B850B69-B010-486F-8F86-84FD5EFDE625}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3F030B50-3E8D-4F57-A679-AB6EF6FF690B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4982C990-B138-4622-9292-CF63F0A316C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4E3BB8D8-5965-43AF-ACDF-3EF05EDE7396}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{53635C76-9F84-46B7-9544-DB37A0A851DC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{574654A6-EDFD-49B1-A899-3170EF573015}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6167EE6B-2E9B-4F63-8FC2-502FAA4B31AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6CEC06AF-E28C-49D5-8C21-8691880EAF0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D460271-CA64-431B-905F-255D4CFDE448}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{7D073846-F188-4312-8178-B8657E7BD5E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EA82AE6-41D1-4045-BE01-DE4FAF22E147}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{85271E6F-BA05-4A74-AB28-CBA4140ED334}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CA0575A-B272-4778-867C-1172688CCE7A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9174B957-E62F-4B79-BB5A-D35A9664DB23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{972D859F-2A64-4380-B153-FF2A9961083B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{9D7A56A1-0E41-472B-AC13-52CF9685D545}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9EB6C756-2D6A-43C2-B98B-5654F6A44C89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A607BCA0-5933-4C8F-B448-C18082235B98}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AC561F05-5F4E-4F95-B7F3-FBADCE123D7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1C21D68-7599-4CF1-B0F2-13FDE151423C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BB609AB1-028A-4EA4-A01A-89F21729C11E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BC6DF19C-9DF1-4923-B44F-FDDDC1975727}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{BDB9A94E-0185-4580-8B91-685A093C1287}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BEA7A6B2-58A8-4660-94E6-8D442B4BCC4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BF5D4B9F-1B35-4ADD-8717-9F862369FAE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF9A7644-5648-4FFE-BC5E-809C03EB9654}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2F349BB-2C48-4CD4-9963-34EF8A02B8B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4B327A1-8AEE-4AD4-B405-B2BB2B208C4B}" = protocol=6 | dir=out | app=system | 
"{C6AE57CA-9AC8-4419-AD94-1B1EE2539AF7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{CAF944B0-DF0A-4834-8165-73DD5111543B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{CEA24757-1CC3-48FA-9FB8-82301D5F4998}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{DACBE6C7-7012-4BEF-B5D2-ABC66A7D3DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{E0377DBA-56A2-4FE5-901F-1FA4E51EB661}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBA879E7-9ECB-430E-8AAF-2521E13439FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F34FFA2A-263E-4D77-B953-8B7D6BABD7C7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{F6EB868A-5BBD-4250-8FDC-BB640914BD60}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\icqm\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55A4978B-CC3A-E5C2-5567-95B70A1D1432}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{C9083B9D-9092-FF22-DDCC-9776E69BE816}" = ATI Catalyst Install Manager
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF3F93-F2CE-BFBE-347E-C49F3A1780D9}" = CCC Help Dutch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223B6018-B8A2-7090-7BA9-4E2002DCAB86}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3ECBC47D-7913-8D9D-8703-DC1969CB252A}" = CCC Help Danish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43861B2A-0548-46B7-56E3-F2AB01311C7E}" = CCC Help Greek
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EDCB0CC-305A-2D52-E9A5-E6CA59DFF2F7}" = CCC Help Turkish
"{4F80ACED-DE98-ECF3-0559-098936A13994}" = Catalyst Control Center Graphics Full New
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51343725-98F7-D613-E46D-3C2198DF0162}" = Catalyst Control Center Core Implementation
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{621E909B-9AD0-8E66-336F-5B0284145719}" = CCC Help Japanese
"{63CE9AEA-F3F7-C1DC-EC4E-27A0DF0B9261}" = Catalyst Control Center Graphics Previews Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6B78BA3C-795D-C47D-5DD3-BEA98FF7CD6C}" = CCC Help Norwegian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F4B5D6B-6FA4-ACDE-F89C-BF437D2302AF}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E108BF-C1B2-A945-9EFC-FFA030D20E1E}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{8354E8D3-B6FF-079F-E82F-73128A84A354}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934B3B9F-8B5F-AA7F-770E-117C9B7B4DCA}" = CCC Help Czech
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F3767E-8A52-4AA6-9304-BEEFBAC04575}" = HP User Guides 0217
"{99CFB83D-D10A-F740-2EE5-02BB86F79BBB}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B90C530-7A5F-7997-6275-A66AB973148B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC22E56-5466-8E1E-4533-81E0AC51120B}" = CCC Help Spanish
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB4CE98A-220A-1F05-A513-6CA5C9F34A8A}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C2483D27-D725-95FD-6EBF-8AAE23A8342C}" = CCC Help Portuguese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C388F68C-5AA9-ECE2-6FD7-73EB09FD5130}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C829AA7D-3113-0942-06D1-1A2CFA850920}" = CCC Help French
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC639DE4-356A-B032-BE59-52ED46879591}" = CCC Help Thai
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3058349-D2ED-4A3B-651B-9882B3BD7F8D}" = Catalyst Control Center Localization All
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3E9CA09-20E8-F218-15F3-3E1CA0EEFB4D}" = PX Profile Update
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D895ACBB-697F-1C12-6E3F-3A6229D19857}" = CCC Help German
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D9ABACA0-5C8B-6D8E-6881-65EF2F13B987}" = CCC Help Polish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE22695F-CB6A-B64F-8477-275C1FCF3001}" = Catalyst Control Center Graphics Full Existing
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AD9B8-1A7C-87E9-2ABE-8F852A89A369}" = CCC Help English
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAA941D9-93E7-2C0B-0754-0806755CD5F3}" = ccc-core-static
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF0970F3-19FE-CDA9-837B-C9EA53D5DBED}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F580D6C2-140E-143A-1013-3C3A4FCCB3A1}" = CCC Help Chinese Traditional
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9842DD1-81B6-AF2C-72C2-F28B56A5B6DF}" = CCC Help Swedish
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"PunkBusterSvc" = PunkBuster Services
"Security Task Manager" = Security Task Manager 1.8d
"VLC media player" = VLC media player 2.0.6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082414" = Mystery P.I. - The Vegas Heist
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082439" = Bus Driver
"WT083492" = Agatha Christie - Death on the Nile
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2012 5:37:16 PM | Computer Name = Kevin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 7/16/2012 2:10:20 PM | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 7/16/2012 3:13:40 PM | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 7/17/2012 1:22:39 AM | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1b5c    Startzeit: 01cd63dbe8dea139    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 7/17/2012 6:02:49 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/17/2012 6:02:49 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092
 
Error - 7/17/2012 6:02:49 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error - 7/17/2012 6:02:50 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/17/2012 6:02:50 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2153
 
Error - 7/17/2012 6:02:50 PM | Computer Name = Kevin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153
 
[ Hewlett-Packard Events ]
Error - 11/27/2012 4:59:55 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 50  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 6:48:12 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 50  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 6:48:18 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 50  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 7:13:14 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization:   TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 7:16:53 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 60  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 11:56:12 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 70  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 11:59:32 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 70  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 11:59:37 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 70  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/27/2012 9:16:50 PM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 50  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
Error - 11/28/2012 1:59:39 AM | Computer Name = Kevin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147467259hpsa_service.exe   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Message:
 Das System kann die angegebene Datei nicht finden  StackTrace:   bei System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
 startInfo)     bei HP.SupportFramework.Service.Battery.BatteryCheck.RunBatteryCheck()
Source:
 System    Name: hpsa_service.exe  Version: 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\hpsa_service.exe  Format: de-DE  RAM: 3893  Ram Utilization: 50  TargetSite:
 Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)  
 
[ HP Software Framework Events ]
Error - 10/29/2012 3:39:07 AM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012.10.29 08:39:06.166|00002ADC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/29/2012 3:39:10 AM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012.10.29 08:39:10.425|00003610|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/29/2012 3:39:11 AM | Computer Name = Kevin-PC | Source = CaslSmBios | ID = 5
Description = 2012.10.29 08:39:11.095|00002ADC|Error      |[CaslWmi]CommandPowerControl::B{hpCasl.enReturnCode(CaslWmi.enReadCmdType,byte[]&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/1C while getting Power Schedule
 
Error - 10/29/2012 3:39:11 AM | Computer Name = Kevin-PC | Source = CaslSmBios | ID = 5
Description = 2012.10.29 08:39:11.165|00002ADC|Error      |[CaslWmi]CommandPowerControl::B{hpCasl.enReturnCode(CaslWmi.enReadCmdType,byte[]&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/1C while getting Power Schedule
 
Error - 10/29/2012 3:39:26 AM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012.10.29 08:39:26.953|000021F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/29/2012 3:39:42 AM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012.10.29 08:39:42.238|00001D24|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/5/2012 3:55:05 PM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012.11.05 20:55:05.407|000011B0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/5/2012 3:56:44 PM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012/11/05 20:56:44.910|000010DC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/5/2012 3:56:49 PM | Computer Name = Kevin-PC | Source = CaslWmi | ID = 5
Description = 2012/11/05 20:56:49.817|000003F4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/5/2012 3:56:50 PM | Computer Name = Kevin-PC | Source = hpCasl | ID = 5
Description = 2012/11/05 20:56:50.346|000003F4|Error      |[hpcasl]Global::CheckforValidSignature{bool()}|Calling
 process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\CASLExec.exe
 does not have a valid signature. HP CASL loading aborted
 
[ HP Wireless Assistant Events ]
Error - 4/29/2013 3:01:03 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 4/30/2013 12:52:21 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 4/30/2013 11:23:25 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/2/2013 12:45:50 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/3/2013 1:19:35 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/5/2013 12:32:23 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/5/2013 2:01:31 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/6/2013 11:00:55 AM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/6/2013 12:59:00 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 5/6/2013 3:53:32 PM | Computer Name = Kevin-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

   bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

   bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
[ System Events ]
Error - 5/15/2013 1:52:00 PM | Computer Name = Kevin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 5/18/2013 9:38:12 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst NIS erreicht.
 
Error - 5/19/2013 6:40:53 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 5/20/2013 11:50:48 PM | Computer Name = Kevin-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 5/20/2013 11:50:48 PM | Computer Name = Kevin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 5/21/2013 1:17:12 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 5/21/2013 1:17:51 PM | Computer Name = Kevin-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 5/24/2013 1:54:48 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 5/25/2013 3:11:53 PM | Computer Name = Kevin-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 5/25/2013 3:11:59 PM | Computer Name = Kevin-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
 
< End of report >
         
--- --- ---


und GMER:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-27 15:46:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0006 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\agloqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                           fffff80003200000 86 bytes [00, 00, 4D, 02, 43, 63, 56, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 648                                                           fffff80003200058 72 bytes [C0, F3, 81, 10, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess            0000000076fafb08 5 bytes JMP 0000000105490676
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19               0000000075d91851 7 bytes JMP 00000001054902ee
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257          0000000075d94342 7 bytes JMP 00000001054903d0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81               0000000075d94a10 7 bytes JMP 00000001054904b2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19              0000000075dad9c3 7 bytes JMP 000000010549012a
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92  0000000075daeb7d 7 bytes JMP 000000010549020c
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx          00000000752a3e6b 5 bytes JMP 0000000105490594
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2684] C:\Windows\syswow64\ole32.DLL!CoCreateInstance + 62              0000000075669d49 7 bytes JMP 000000010549083a

---- Devices - GMER 2.1 ----

Device    \Driver\IDSVia64 \Device\SymIDSCo                                                                                            fffff88008818060

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5e545                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955eaafb                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955eaafb@001fe4a38f6b                                     0xEF 0xA6 0x9F 0x9B ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955eaafb@2421ab16d539                                     0x5A 0x86 0x70 0xD5 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955eaafb@58170c99c4e1                                     0xBA 0xCB 0x34 0x5D ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955eaafb@9ce6e74cf021                                     0x74 0x3D 0x5C 0xD0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5e545 (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955eaafb (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955eaafb@001fe4a38f6b                                         0xEF 0xA6 0x9F 0x9B ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955eaafb@2421ab16d539                                         0x5A 0x86 0x70 0xD5 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955eaafb@58170c99c4e1                                         0xBA 0xCB 0x34 0x5D ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955eaafb@9ce6e74cf021                                         0x74 0x3D 0x5C 0xD0 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


Ich habe mir die anderen Threads angeschaut und mein Rechner dann mit defogger auch checken lassen, aber defogger wurde auch nicht fündig:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:05 on 27/05/2013 (Kevin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Dazu habe ich heute morgen bei mir in Programme geschaut, ob ich irgendwelche skurrile Software finde. Ich habe letztenendes nur Bing Bar und Java 6 deinstalliert.

Das einzige was nun nicht mehr funktioniert nach dem ich Norton wieder angeschaltet habe ist meine Intrusion Protection bei Norton. Liegt das vielleicht an defogger?

Vielen Dank im Vorraus und ich hoffe ihr könnt mir weiterhelfen.

Kman

Geändert von Kman112 (27.05.2013 um 17:14 Uhr)

Alt 27.05.2013, 17:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 27.05.2013, 17:45   #3
Kman112
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Hi,

nein die Prüfungen durch Norton Antivirus, Trend Micro Housecall und Malwarebytes waren alle nicht fündig geworden. Möchtest Du nichtsdestotrotz die drei frühere Prüfungen ohne Fünde sehen?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kevin :: KEVIN-PC [Administrator]

Schutz: Aktiviert

5/27/2013 12:30:36 AM
mbam-log-2013-05-27 (00-30-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 544259
Laufzeit: 2 Stunde(n), 8 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kevin :: KEVIN-PC [Administrator]

Schutz: Aktiviert

5/27/2013 7:31:09 AM
mbam-log-2013-05-27 (07-31-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241659
Laufzeit: 11 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kevin :: KEVIN-PC [Administrator]

Schutz: Aktiviert

5/27/2013 4:07:40 PM
mbam-log-2013-05-27 (16-07-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241231
Laufzeit: 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Die Logfile bei meiner Ursprungsanfrage ist die aktuellste Version. Ich habe gegen 16:07 nochmal geprüft (ohne Fund) und dann gemerkt ich sollte Malwarebytes aktualisieren was ich gemacht habe und meine Anfrage dann mit dem aktuellsten Ergebnis schnell editiert.

Verzeihung wegen der Zitaten anstatt Codes!

Kman
__________________

Geändert von Kman112 (27.05.2013 um 17:56 Uhr) Grund: hier die logfiles als code!

Alt 27.05.2013, 21:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Du hast da jetzt nur Logs ohne Funde gepostet, gab es denn überhaupt jemals Funde von Malwarebytes oder einem anderen Scanner?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.05.2013, 22:08   #5
Kman112
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



nein, ich habe mein Rechner mit Norton Antivirus, Trend Micro Housecall und auch Malwarebytes grundsätzlich geprüft und mir wird nichts angezeigt. Dennoch habe ich ab und an e.ligatus.com zu sehen bekommen ohne jeglichen Grund - heute allerdings nicht.

Es stört mich trotzdem, dass diese Seite ab und an bei mir hoch kommt. Ich nutze mein Rechner nicht nur für normales Surfing sondern auch für Online Banking und andere Sachen wo gewisse private Information mitgeteilt werden muss. Es wäre schon schade, wenn diese Seite Keystrokes checkt und die Information weiterleitet.

Ihr habt in letzter Zeit einige Posts zu genau diesem Thematik gehabt. Habt ihr irgendwas an Nachforschung gemacht? Ich habe irgendwie das Gefühl es liegt möglicherweise an ICQ.


Alt 27.05.2013, 22:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> e.ligatus.com taucht bei mir in Internet Explorer auch auf

Alt 26.01.2014, 17:41   #7
Kman112
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Hi Cosinus,

würdest Du dieser Thread bitte zur Löschung freigeben? Ich habe ICQ 7 gelöscht und das Problem habe ich seither nicht mehr gehabt.

Vielen Dank im Voraus,

Kman

Alt 27.01.2014, 12:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
e.ligatus.com taucht bei mir in Internet Explorer auch auf - Standard

e.ligatus.com taucht bei mir in Internet Explorer auch auf



Wir löschen keine Threads.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu e.ligatus.com taucht bei mir in Internet Explorer auch auf
amerika, antivirus, bho, bonjour, browser.exe, diner dash, error, excel, failed, fehler, firefox, flash player, google, helper, home, homepage, iexplore.exe, igdpmd64.sys, install.exe, internet, internet explorer, launch, logfile, mozilla, ntdll.dll, object, realtek, registry, richtlinie, security, software, symantec, warnung



Ähnliche Themen: e.ligatus.com taucht bei mir in Internet Explorer auch auf


  1. BKA Virus auf Android 4.1.1 taucht immer wieder auf! Auch nach Full-Wipe
    Smartphone, Tablet & Handy Security - 06.06.2015 (8)
  2. Auch nach Löschung taucht Trojaner wieder auf
    Log-Analyse und Auswertung - 06.04.2015 (21)
  3. Internet Explorer 9 ist sehr langsam und schliesst jetzt auch selber
    Log-Analyse und Auswertung - 13.12.2014 (13)
  4. Windows 7 Internet Explorer langsam Internet Explorer reagiert lahm oder gar nicht
    Log-Analyse und Auswertung - 28.05.2014 (15)
  5. Windows explorer funktioniert erst nicht, dann taucht überall Werbung auf.
    Log-Analyse und Auswertung - 19.05.2014 (3)
  6. Zero-Day-Lücke in Internet Explorer: Microsoft patcht außerplanmäßig - auch Windows XP
    Nachrichten - 02.05.2014 (0)
  7. Absturz Internet Explorer und Firefox gelegendlich auch mit Bluescreen Win7/SP1
    Plagegeister aller Art und deren Bekämpfung - 21.12.2013 (16)
  8. ChatZum taucht in chrome und Internet Explorer immer als Startseite auf.
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (7)
  9. Internet Explorer startet von allein. Laut Taskmanager auch mehrere Instanzen davon.
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (7)
  10. Google umging auch die Cookie-Einstellungen des Internet Explorer
    Nachrichten - 21.02.2012 (0)
  11. ^Neue Windows-Lücke auch über Internet Explorer ausnutzbar
    Nachrichten - 23.12.2011 (0)
  12. Probleme mit internet explorer: C:\Programm files\Internet Explorer\iexplorer.exe ist keine Win 32 A
    Log-Analyse und Auswertung - 19.09.2011 (1)
  13. Internet Explorer 2 x im Taskmanager und Internet-Explorer + System furchtbar langsam
    Log-Analyse und Auswertung - 24.09.2010 (7)
  14. Werbung taucht die ganze Zeit beim Internet Explorer auf und Installationsprogramm!
    Plagegeister aller Art und deren Bekämpfung - 05.04.2010 (1)
  15. Pwn2own: iPhone gehackt - Internet Explorer 8, Firefox und Safari auch
    Nachrichten - 25.03.2010 (0)
  16. Firefox öffnet ständig neue Fenster und Internet Explorer dreht auch durch
    Log-Analyse und Auswertung - 08.01.2010 (13)
  17. auch ständige Popups bei Internet-Explorer und Mozilla
    Log-Analyse und Auswertung - 23.06.2006 (3)

Zum Thema e.ligatus.com taucht bei mir in Internet Explorer auch auf - Hallo zusammen, ab und an wird bei mir auch ein neues und leeres IE Fenster geöffnet mit der URL e.ligatus.com. Ich habe es erstmal ignoriert, da ich ICQ7M stetig im - e.ligatus.com taucht bei mir in Internet Explorer auch auf...
Archiv
Du betrachtest: e.ligatus.com taucht bei mir in Internet Explorer auch auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.