| Detection: ADWARE/InstallRex.Gen + TR/Urausy.11059264
Hello dear Trojaner Board team,
When I scanned my PC today with AntiVir (last update: 22.06.2013), using the settings mentioned elsewhere here in the forum (guide: Avira Antivir - Aggressive Settings), I got the following detections: ADWARE/InstallRex.Gen + TR/Urausy.11059264
AntiVir log file, quote:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 22. Juni 2013 16:28
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : VARIM-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 06.05.2013 11:36:53
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.03.2013 13:56:49
LUKE.DLL : 13.6.0.1262 65080 Bytes 06.05.2013 11:36:59
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 06.05.2013 11:36:54
AVREG.DLL : 13.6.0.1262 247864 Bytes 06.05.2013 11:36:53
avlode.dll : 13.6.2.1262 432184 Bytes 06.05.2013 11:36:53
avlode.rdf : 13.0.1.18 26349 Bytes 21.06.2013 20:00:38
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:14:18
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:07:58
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:51:37
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 20:00:35
VBASE004.VDF : 7.11.85.215 2048 Bytes 21.06.2013 20:00:35
VBASE005.VDF : 7.11.85.216 2048 Bytes 21.06.2013 20:00:35
VBASE006.VDF : 7.11.85.217 2048 Bytes 21.06.2013 20:00:35
VBASE007.VDF : 7.11.85.218 2048 Bytes 21.06.2013 20:00:35
VBASE008.VDF : 7.11.85.219 2048 Bytes 21.06.2013 20:00:35
VBASE009.VDF : 7.11.85.220 2048 Bytes 21.06.2013 20:00:35
VBASE010.VDF : 7.11.85.221 2048 Bytes 21.06.2013 20:00:35
VBASE011.VDF : 7.11.85.222 2048 Bytes 21.06.2013 20:00:35
VBASE012.VDF : 7.11.85.223 2048 Bytes 21.06.2013 20:00:35
VBASE013.VDF : 7.11.85.224 2048 Bytes 21.06.2013 20:00:35
VBASE014.VDF : 7.11.85.225 2048 Bytes 21.06.2013 20:00:35
VBASE015.VDF : 7.11.85.226 2048 Bytes 21.06.2013 20:00:35
VBASE016.VDF : 7.11.85.227 2048 Bytes 21.06.2013 20:00:35
VBASE017.VDF : 7.11.85.228 2048 Bytes 21.06.2013 20:00:35
VBASE018.VDF : 7.11.85.229 2048 Bytes 21.06.2013 20:00:35
VBASE019.VDF : 7.11.85.230 2048 Bytes 21.06.2013 20:00:35
VBASE020.VDF : 7.11.85.231 2048 Bytes 21.06.2013 20:00:35
VBASE021.VDF : 7.11.85.232 2048 Bytes 21.06.2013 20:00:35
VBASE022.VDF : 7.11.85.233 2048 Bytes 21.06.2013 20:00:35
VBASE023.VDF : 7.11.85.234 2048 Bytes 21.06.2013 20:00:35
VBASE024.VDF : 7.11.85.235 2048 Bytes 21.06.2013 20:00:35
VBASE025.VDF : 7.11.85.236 2048 Bytes 21.06.2013 20:00:35
VBASE026.VDF : 7.11.85.237 2048 Bytes 21.06.2013 20:00:36
VBASE027.VDF : 7.11.85.238 2048 Bytes 21.06.2013 20:00:36
VBASE028.VDF : 7.11.85.239 2048 Bytes 21.06.2013 20:00:36
VBASE029.VDF : 7.11.85.240 2048 Bytes 21.06.2013 20:00:36
VBASE030.VDF : 7.11.85.241 2048 Bytes 21.06.2013 20:00:36
VBASE031.VDF : 7.11.86.66 154624 Bytes 22.06.2013 11:33:19
Engineversion : 8.2.12.66
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 16:37:37
AESCRIPT.DLL : 8.1.4.124 487806 Bytes 21.06.2013 20:00:38
AESCN.DLL : 8.1.10.4 131446 Bytes 28.03.2013 13:56:24
AESBX.DLL : 8.2.5.12 606578 Bytes 28.03.2013 13:56:24
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 16:37:37
AEPACK.DLL : 8.3.2.24 749945 Bytes 21.06.2013 20:00:38
AEOFFICE.DLL : 8.1.2.60 205181 Bytes 19.06.2013 03:59:03
AEHEUR.DLL : 8.1.4.426 5951866 Bytes 21.06.2013 20:00:37
AEHELP.DLL : 8.1.27.2 266617 Bytes 04.06.2013 18:18:13
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 16:24:53
AEEXP.DLL : 8.4.0.34 201079 Bytes 04.06.2013 18:18:16
AEEMU.DLL : 8.1.3.2 393587 Bytes 28.03.2013 13:56:17
AECORE.DLL : 8.1.31.2 201080 Bytes 28.03.2013 13:56:17
AEBB.DLL : 8.1.1.4 53619 Bytes 28.03.2013 13:56:17
AVWINLL.DLL : 13.6.0.480 26480 Bytes 28.03.2013 13:54:27
AVPREF.DLL : 13.6.0.480 51056 Bytes 28.03.2013 13:56:48
AVREP.DLL : 13.6.0.480 178544 Bytes 28.03.2013 13:57:28
AVARKT.DLL : 13.6.0.1262 258104 Bytes 06.05.2013 11:36:50
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 06.05.2013 11:36:53
SQLITE3.DLL : 3.7.0.1 397704 Bytes 28.03.2013 13:57:17
AVSMTP.DLL : 13.6.0.480 62832 Bytes 28.03.2013 13:56:50
NETNT.DLL : 13.6.0.480 16240 Bytes 28.03.2013 13:57:10
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.03.2013 13:54:27
RCTEXT.DLL : 13.6.0.976 69344 Bytes 28.03.2013 13:54:27
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, G:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Samstag, 22. Juni 2013 16:28
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'atkexComSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaHMSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'dtsrvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'IProsetMonitor.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdisrvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsRoutineController.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '200' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'AI Suite II.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlertHelper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'wpctrl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'floater.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'isuspm.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'agent.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2801' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\Varim\AppData\Local\Temp\c7r_8S7x.exe.part
[FUND] Ist das Trojanische Pferd TR/Urausy.11059264
C:\Users\Varim\AppData\Local\Temp\hZvL4Pem.exe.part
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallRex.Gen
Beginne mit der Suche in 'G:\' <Volume>
Beginne mit der Desinfektion:
C:\Users\Varim\AppData\Local\Temp\hZvL4Pem.exe.part
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallRex.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5ad261de.qua' verschoben!
C:\Users\Varim\AppData\Local\Temp\c7r_8S7x.exe.part
[FUND] Ist das Trojanische Pferd TR/Urausy.11059264
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42494e56.qua' verschoben!
Ende des Suchlaufs: Samstag, 22. Juni 2013 17:28
Benötigte Zeit: 55:36 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
31884 Verzeichnisse wurden überprüft
920563 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
920561 Dateien ohne Befall
8178 Archive wurden durchsucht
0 Warnungen
2 Hinweise
745672 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
| defogger_disable log file, quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:36 on 22/06/2013 (Varim)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
| OTL log file, quote:
OTL logfile created on: 22.06.2013 17:45:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Varim\Desktop\Stephan
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 65,11% Memory free
15,95 Gb Paging File | 13,03 Gb Available in Paging File | 81,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,04 Gb Total Space | 337,64 Gb Free Space | 71,83% Space Free | Partition Type: NTFS
Drive D: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 461,37 Gb Total Space | 182,47 Gb Free Space | 39,55% Space Free | Partition Type: NTFS
Computer Name: VARIM-PC | User Name: Varim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.22 17:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Varim\Desktop\Stephan\OTL.exe
PRC - [2013.05.23 18:59:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.06 13:36:53 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013.05.06 13:36:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.06 13:36:51 | 000,330,976 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2013.03.28 15:57:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 15:56:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.12 16:56:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.26 13:01:18 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2011.05.24 21:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011.05.05 16:44:42 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010.11.26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.09.24 22:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010.05.13 17:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
PRC - [2010.05.13 17:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
PRC - [2009.04.24 18:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2004.04.23 20:03:06 | 000,446,464 | ---- | M] (InstallShield Software Corporation) -- C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.23 18:59:40 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.20 10:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011.05.16 18:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011.05.06 17:53:38 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011.04.07 18:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011.02.24 11:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011.01.07 17:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010.12.03 17:12:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010.08.06 19:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.06 19:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010.05.13 17:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
MOD - [2010.05.13 17:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
MOD - [2009.08.12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.04.24 18:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
MOD - [2009.04.24 17:03:28 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorGerRes.dll
MOD - [2009.04.24 17:03:22 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll
MOD - [2009.04.24 17:03:14 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHOOK.dll
MOD - [2009.04.24 17:03:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll
MOD - [2009.04.24 17:03:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll
MOD - [2009.04.24 17:03:10 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010.08.12 16:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 12:43:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.23 18:59:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.28 15:57:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 15:56:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.12 16:56:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.05.26 13:01:18 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC)
SRV - [2011.05.05 16:44:42 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.10 13:30:31 | 000,030,112 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013.04.03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.03.28 15:57:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 15:57:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 15:57:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.05 16:44:20 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.08.10 11:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.02.09 11:14:52 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.04.24 17:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009.04.24 17:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 23 88 33 C7 E5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{59DA59F3-6AFE-494E-9221-9CF4910A40C5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{DAA9C627-0999-4359-B545-AD65F875BA0B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F9957157-40FF-43BE-ADF3-1EBA5A112095&apn_sauid=435D75E9-B8F4-4C8D-941E-37D24262AC24
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20130618
FF - prefs.js..network.proxy.ftp: "95.172.68.150"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "95.172.68.150"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "95.172.68.150"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:59:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.23 23:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.02.08 20:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\Extensions
[2013.06.22 16:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\Firefox\Profiles\ovk9s0lw.default-1350059165140\extensions
[2013.05.30 00:28:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Varim\AppData\Roaming\mozilla\Firefox\Profiles\ovk9s0lw.default-1350059165140\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.22 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\Firefox\Profiles\ovk9s0lw.default-1350059165140\extensions\staged
[2013.06.19 05:58:54 | 002,494,702 | ---- | M] () (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\firefox\profiles\ovk9s0lw.default-1350059165140\extensions\nasanightlaunch@example.com.xpi
[2013.04.15 17:36:29 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\firefox\profiles\ovk9s0lw.default-1350059165140\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013.05.09 18:35:21 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\firefox\profiles\ovk9s0lw.default-1350059165140\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.22 16:46:59 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Varim\AppData\Roaming\mozilla\firefox\profiles\ovk9s0lw.default-1350059165140\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.23 18:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 18:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.23 18:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 18:59:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Varim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Varim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A177DC9-48D2-4A9A-86EB-3C0FF126CB4A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72289FA8-B5E8-47FE-9740-676C793458EE}: NameServer = 217.0.43.161 217.0.43.177
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\Age of Conan Quick Start\aoclaunch.exe (0xF30FC7)
O27:64bit: - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\Age of Conan Quick Start\aoclaunch.exe (0xF30FC7)
O27 - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\Age of Conan Quick Start\aoclaunch.exe (0xF30FC7)
O27 - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\Age of Conan Quick Start\aoclaunch.exe (0xF30FC7)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.15 10:20:36 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{941d6799-3982-11e1-9b40-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{941d6799-3982-11e1-9b40-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2007.02.28 04:23:41 | 000,537,332 | R--- | M] (THQ )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.22 15:57:24 | 000,000,000 | ---D | C] -- C:\Users\Varim\Desktop\Stephan
[2013.06.02 16:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.05.23 23:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.23 18:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.22 17:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.22 17:36:16 | 000,000,000 | ---- | M] () -- C:\Users\Varim\defogger_reenable
[2013.06.22 13:39:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 13:39:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 13:36:50 | 001,647,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.22 13:36:50 | 000,708,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.22 13:36:50 | 000,662,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.22 13:36:50 | 000,154,136 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.22 13:36:50 | 000,126,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.22 13:32:41 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.22 13:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.22 13:32:30 | 2129,260,543 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.22 09:03:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.06.13 06:56:12 | 001,624,720 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.02 17:20:17 | 000,012,993 | ---- | M] () -- C:\Users\Varim\Desktop\ts3server_win64.exe - Verknüpfung.lnk
[2013.06.02 16:35:37 | 000,000,935 | ---- | M] () -- C:\Users\Varim\Desktop\TeamSpeak 3 Client.lnk
[2013.06.02 16:35:30 | 000,001,003 | ---- | M] () -- C:\Users\Varim\Desktop\DUC 3.0.lnk
[2013.05.31 14:59:25 | 000,000,856 | ---- | M] () -- C:\Users\Varim\Desktop\HWiNFO64 Program.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.22 17:36:16 | 000,000,000 | ---- | C] () -- C:\Users\Varim\defogger_reenable
[2013.06.22 09:03:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.06.02 16:35:37 | 000,000,935 | ---- | C] () -- C:\Users\Varim\Desktop\TeamSpeak 3 Client.lnk
[2013.06.02 16:35:30 | 000,001,003 | ---- | C] () -- C:\Users\Varim\Desktop\DUC 3.0.lnk
[2013.06.02 16:34:29 | 000,012,993 | ---- | C] () -- C:\Users\Varim\Desktop\ts3server_win64.exe - Verknüpfung.lnk
[2013.04.10 10:07:16 | 000,007,393 | ---- | C] () -- C:\Users\Varim\AppData\Local\recently-used.xbel
[2013.02.05 15:35:25 | 000,000,353 | ---- | C] () -- C:\Users\Varim\SciTE.session
[2012.12.15 19:36:29 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.15 19:36:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.13 16:06:00 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012.12.01 11:06:36 | 001,012,848 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.11.29 20:10:21 | 000,000,093 | ---- | C] () -- C:\Users\Varim\AppData\Local\fusioncache.dat
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.07.09 21:42:19 | 000,000,484 | RHS- | C] () -- C:\Users\Varim\ntuser.pol
[2012.05.05 12:40:23 | 000,003,584 | ---- | C] () -- C:\Users\Varim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.26 11:36:09 | 000,000,213 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.02.21 12:14:37 | 001,624,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.11 20:50:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2012.01.11 20:50:38 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.01.11 20:50:14 | 000,002,669 | ---- | C] () -- C:\Windows\cmudax3.ini
[2012.01.11 20:50:14 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.01.11 20:50:14 | 000,000,743 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.01.08 00:49:24 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.08 00:49:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.07 19:56:34 | 000,042,733 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.07 18:20:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.07 18:20:22 | 000,027,536 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.05.10 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\.minecraft
[2013.01.07 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Amazon
[2013.01.01 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Auslogics
[2012.01.18 21:13:06 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\BigHugeEngine
[2012.06.01 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Canneverbe Limited
[2012.12.13 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\DisplayTune
[2013.05.09 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\DVDVideoSoft
[2013.04.07 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Locktime
[2013.02.12 17:08:05 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Mael
[2013.05.11 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Might & Magic Heroes VI
[2013.01.18 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\mp3DirectCut
[2013.04.22 18:11:12 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\NetSpeedMonitor
[2012.02.01 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\OpenOffice.org
[2013.02.08 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Origin
[2012.12.13 09:06:08 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\rockbox.org
[2012.12.11 19:28:20 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\SanDisk
[2013.04.29 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\The Creative Assembly
[2012.11.25 16:33:02 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\TheLastRipper
[2012.01.07 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\Thunderbird
[2013.06.02 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\TS3Client
[2012.01.08 16:05:36 | 000,000,000 | ---D | M] -- C:\Users\Varim\AppData\Roaming\ts3overlay
========== Purity Check ==========
< End of report >
Quote:
OTL Extras logfile created on: 22.06.2013 17:45:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Varim\Desktop\Stephan
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 65,11% Memory free
15,95 Gb Paging File | 13,03 Gb Available in Paging File | 81,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470,04 Gb Total Space | 337,64 Gb Free Space | 71,83% Space Free | Partition Type: NTFS
Drive D: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 461,37 Gb Total Space | 182,47 Gb Free Space | 39,55% Space Free | Partition Type: NTFS
Computer Name: VARIM-PC | User Name: Varim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02744B66-789C-489C-B1DD-73809A15A812}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8100B852-9451-4D6D-86F6-CF6578DAAC43}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03275F8A-E3D0-4143-BA75-130EAA997C92}" = protocol=17 | dir=in | app=g:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{03496257-0C49-45E6-B8FA-3EEBEF7B5630}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{0D8BA2AD-3BDD-423A-95C4-6BBB87FB0393}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{10A485CC-B0A1-4848-80D5-CE9ABFEFB733}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\skyrim\creationkit.exe |
"{16D46980-4B71-4096-B0BB-B02E88A0DCF3}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{17A40BDC-9C63-405E-9663-442A0AA630BA}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{1F0A0AE8-8D03-4938-A357-7714238F3058}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{2166A160-F7C8-4BBA-BBB0-2790BABD791F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{219CE1FC-63AA-4521-946C-3640ECA757E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{22761BFF-2B18-475C-9205-387481C38817}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28D845C5-3CB0-400C-813B-35FB303DF434}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{28F315EC-2789-427E-B478-34D5CCF07BA8}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{2DCF36C4-1AA4-49E6-8603-FA85B7490E3C}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{2F12852C-81BE-414E-9FB0-B8F75339A3C2}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{3419626E-DBE2-49C2-AEB6-5C8E58834E26}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\skyrim\creationkit.exe |
"{34347F93-95C3-4599-BE40-79197D172E8C}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{37682E24-7300-497B-8D82-443D2FFDF7A2}" = protocol=17 | dir=in | app=c:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe |
"{3E75508E-1A09-4E1C-8FD3-2A5E664F7769}" = protocol=6 | dir=in | app=g:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{3F28235F-D310-4202-9859-071E45B558BF}" = dir=in | name=youtubecdn |
"{41AA0E59-E914-44E6-B758-15AB9499DB47}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{41C88C37-DCA9-43DB-9FF1-E2394491523E}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{499FB1C1-91BD-4540-B641-6BDE88AF64FF}" = protocol=17 | dir=in | app=g:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{5E316B28-8532-418C-A0B0-696E8D0C890E}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{64123F62-8895-4A1F-9972-F65794A274FE}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{6943C944-A0F0-4328-A671-FE4227326EED}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{6C8B7A7A-5C4E-4063-B60D-CD1BB826CB46}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6F57C159-4272-4902-A268-BA64EC42DA02}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{73FE9FC1-F9B4-49CC-8958-3D18A4EEB879}" = protocol=6 | dir=in | app=c:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe |
"{75E55446-3C30-42A6-96E6-45580134CA9A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{77B55635-6E66-4D9E-A89A-C1A9A41E6537}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"{7CEA87C8-3C1F-43F7-896B-95D65DFB1402}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\the witcher 2\launcher.exe |
"{7DF4F940-B459-4215-8C13-DE8B67F3D8C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{84AFF8CA-D3B6-49D8-89BB-A88F1EEC96D5}" = protocol=6 | dir=in | app=g:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe |
"{875511B3-7706-4D09-B387-6B8669343EC7}" = protocol=17 | dir=in | app=c:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe |
"{8758C2E4-9CA9-4467-BAB6-09F3AD8DBE50}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{8AA2CD20-AF93-4040-A33B-37DE93C31496}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{8AA81F2F-B742-4D79-8748-6FA6C1C9D16E}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{8AF695B2-F459-40EE-8685-75EE35C47B79}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe |
"{90A2B826-9972-4AC9-A10F-286FBFDD8C9E}" = protocol=6 | dir=in | app=g:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{922AA698-2BDB-45C0-B05F-C2621F34ED3C}" = protocol=17 | dir=in | app=c:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe |
"{93357E22-B80C-472F-8C6E-7952AA20F4F2}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\the walking dead\walkingdead101.exe |
"{937EC8E9-FCEF-4F6E-A5CE-960F53496E2D}" = protocol=58 | dir=in | app=system |
"{9B9ED9CE-1D56-45F7-86D7-8C23B23DB7FB}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{9F680C18-5C0B-4198-A704-95464C7CE9ED}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\the witcher 2\launcher.exe |
"{A101663B-16DE-4270-929F-848E3A9CE0F1}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe |
"{A1FD1267-6BA5-450A-B931-982DCD63D1FC}" = protocol=6 | dir=in | app=g:\games\diablo 3\diablo iii\diablo iii.exe |
"{A8FBED34-23ED-4544-9F6E-3F384D73E5A6}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{AF9B14E7-7A6A-4AE4-9DBE-AC374C40DF22}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B115E271-4D71-4CC9-AA19-DD0E2D5523C4}" = protocol=6 | dir=in | app=c:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe |
"{B47B7EC9-0DC0-47FA-8A5A-7D785585CB07}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{B484A9CB-45A3-4379-B062-C7FAF63D1CA7}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"{C51B018B-D38B-4B33-B7DD-9BE1CD688573}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C9DDBCD5-C87E-428B-BCC5-9055BC098903}" = protocol=6 | dir=in | app=g:\games\deadspace\dead space 3\deadspace3.exe |
"{CBDF8BA2-4380-4438-AC13-77964F3277D1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DE8F428A-DF4E-400E-8609-633094446F5B}" = protocol=17 | dir=in | app=g:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe |
"{E0D215E5-9E3F-4482-88AB-1C90C69F6C26}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E3F3F668-9AEA-4655-844D-FB5E02CEF332}" = protocol=17 | dir=in | app=g:\games\deadspace\dead space 3\deadspace3.exe |
"{EAC061B1-BBAC-487B-BB32-4FCBD108844D}" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{F030AEF3-1D56-4B8F-8281-51FB6F41D508}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F1FC0474-F7FB-4D6E-B2BA-4CB15E7E99E1}" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\the walking dead\walkingdead101.exe |
"{F3BC33E2-A026-40F2-80BA-8CF7E4B8F45E}" = protocol=6 | dir=in | app=c:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe |
"{F9833B5D-02F0-4B1D-A619-AE360A2B2A99}" = protocol=17 | dir=in | app=g:\games\diablo 3\diablo iii\diablo iii.exe |
"TCP Query User{17F95913-D415-4964-B497-55839797865B}C:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe |
"TCP Query User{247BA95E-C650-415B-B4E3-C3B747914171}C:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{4969A59C-EB0C-406F-9E4C-9E3706CCF842}G:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe |
"TCP Query User{4EF11FB2-6C3F-4C34-B57E-7EF2311DE529}C:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{50CB6EAF-F55D-4D08-81A4-EEB7C935C771}G:\games\diablo 3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=g:\games\diablo 3\diablo iii\diablo iii.exe |
"TCP Query User{8EF296F6-1A90-4465-B000-E7F589E87B41}G:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=g:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe |
"TCP Query User{B60E18FF-0145-492A-B904-48095F7FF3A1}G:\games\gw2\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\gw2\guild wars 2\gw2.exe |
"TCP Query User{C9EAFB31-F9CF-4856-B234-5EEBD0BC1850}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{CAC7C187-00D7-4FED-918C-4389A9A762DF}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{0E02EE5C-BE16-4B42-BC4D-6396E5CD1DDF}G:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=g:\programm steam\steamapps\common\lord of the rings online\lotroclient.exe |
"UDP Query User{27CF0081-BE86-4377-BB0D-05E66762AB3A}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{65697ACD-F8AA-401C-922F-71BC68D4F209}C:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\varim\downloads\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{B0B68728-5F39-4667-8919-D767EFB0115F}C:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\varim\downloads\neverwinter\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{B72D839F-8B64-476D-A842-37E1272B0863}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{B826E3A0-EA0D-4657-8990-85278C884646}G:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=g:\games\deadspace\crysis 2 maximum edition\bin32\crysis2.exe |
"UDP Query User{D3326EF5-4204-4371-8710-3BA68D61E4D7}G:\games\diablo 3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=g:\games\diablo 3\diablo iii\diablo iii.exe |
"UDP Query User{F67C3D14-7BE0-4215-85BD-BE3FD331B2F5}C:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\varim\downloads\teamspeak 3\teamspeak3-server_win64\ts3server_win64.exe |
"UDP Query User{F83D63AD-B31F-4B40-A79B-1DE0455BEC5E}G:\games\gw2\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\gw2\guild wars 2\gw2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = Trust 5.1 Soundcard 14319
"GIMP-2_is1" = GIMP 2.8.0
"HWiNFO64_is1" = HWiNFO64 Version 4.16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F2BD974-EEF2-4199-8C00-EFB82AD46D79}_is1" = Age of Conan Quick Start 2.7.0
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DA899085-5492-4320-98BF-4F3ACEB23E01}" = SlimDX Redistributable for .NET 4.0 (March 2011)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.08.00.8025
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Age of Conan_is1" = Age of Conan: Hyborian Adventures
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"BOSS" = BOSS
"Diablo III" = Diablo III
"FormatFactory" = FormatFactory 2.80
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Guild Wars 2" = Guild Wars 2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"MagniDriver" = marvell 91xx driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"New Vegas Configator_is1" = New Vegas Configator version 1.6
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Security Task Manager" = Security Task Manager 1.8d
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Steam App 202480" = Creation Kit
"Steam App 207610" = The Walking Dead
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 220240" = Far Cry® 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 226980" = Pinball FX2
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 49520" = Borderlands 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TheLastRipper" = TheLastRipper 1.4
"TMM10R_7e54817b-4e14-40cc-a24d-e93708258972" = TELL ME MORE
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.3
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Wrye Bash" = Wrye Bash
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.06.2013 15:17:38 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
Error - 19.06.2013 08:28:58 | Computer Name = Varim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.06.2013 10:23:22 | Computer Name = Varim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.06.2013 13:37:37 | Computer Name = Varim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 22.06.2013 01:12:05 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2013 01:12:05 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1248
Error - 22.06.2013 01:12:05 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1248
Error - 22.06.2013 01:12:07 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2013 01:12:07 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2496
Error - 22.06.2013 01:12:07 | Computer Name = Varim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2496
Error - 22.06.2013 08:07:55 | Computer Name = Varim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 22.06.2013 09:48:06 | Computer Name = Varim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ Media Center Events ]
Error - 09.06.2013 02:00:33 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 08:00:33 - Fehler beim Herstellen der Internetverbindung. 08:00:33
- Serververbindung konnte nicht hergestellt werden..
Error - 09.06.2013 02:01:05 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 08:01:02 - Fehler beim Herstellen der Internetverbindung. 08:01:02
- Serververbindung konnte nicht hergestellt werden..
Error - 14.06.2013 01:28:12 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 07:28:12 - Fehler beim Herstellen der Internetverbindung. 07:28:12
- Serververbindung konnte nicht hergestellt werden..
Error - 14.06.2013 01:28:45 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 07:28:42 - Fehler beim Herstellen der Internetverbindung. 07:28:42
- Serververbindung konnte nicht hergestellt werden..
Error - 18.06.2013 11:36:27 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 17:36:27 - Fehler beim Herstellen der Internetverbindung. 17:36:27
- Serververbindung konnte nicht hergestellt werden..
Error - 18.06.2013 11:37:00 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 17:36:56 - Fehler beim Herstellen der Internetverbindung. 17:36:56
- Serververbindung konnte nicht hergestellt werden..
Error - 20.06.2013 10:59:44 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 16:59:44 - Fehler beim Herstellen der Internetverbindung. 16:59:44
- Serververbindung konnte nicht hergestellt werden..
Error - 20.06.2013 11:00:18 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 17:00:13 - Fehler beim Herstellen der Internetverbindung. 17:00:13
- Serververbindung konnte nicht hergestellt werden..
Error - 21.06.2013 10:02:37 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 16:02:36 - Fehler beim Herstellen der Internetverbindung. 16:02:36
- Serververbindung konnte nicht hergestellt werden..
Error - 21.06.2013 10:03:11 | Computer Name = Varim-PC | Source = MCUpdate | ID = 0
Description = 16:03:06 - Fehler beim Herstellen der Internetverbindung. 16:03:06
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 22.06.2013 08:31:38 | Computer Name = Varim-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
< End of report >
GMER logfile (quote):
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-22 18:09:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC46 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Varim\AppData\Local\Temp\agloypod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074c61a22 2 bytes [C6, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074c61ad0 2 bytes [C6, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074c61b08 2 bytes [C6, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074c61bba 2 bytes [C6, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074c61bda 2 bytes [C6, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
.text C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
---- EOF - GMER 2.1 ----
Requesting help =)