| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes Anti-Malware Scan findet zwei VirenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.11.2013, 11:11
| #16 |
 |  Malwarebytes Anti-Malware Scan findet zwei Viren wie im Beitrag #11 durchgeführt wie im Beitrag #12 geschrieben – keine Rückmeldung; nur diese 2 Log’s aufgetaucht – s.h. Screenshot Nr.1 Startphase ( üb Frontscheinwerfer zu sehen) wie im Beitrag #13 den Fix mit Codeinhalt nochmals durchgeführt wie im Beitrag #14 geschrieben – keine Funktion … nur festgestellt die Doku-Änderung 8 Doku mit Endung.. doc 2 Doku mit Endung.. odt 1 Doku mit Endung.. tmp s.h. auch Sreenshot alle mit diesem Zeichen ~ im obersten Bildabschnitt |
|
27.11.2013, 14:57
| #17 |
| /// the machine /// TB-Ausbilder    | Malwarebytes Anti-Malware Scan findet zwei Viren Sind diese Dokumente auch leicht durchsichtig? Normalerweise ist das eine Kopie, wenn die Datei geöffnet ist.
__________________Kannst Du mit OTL einen Scan machne, mit dem gleichen CustomScan wie oben?
__________________ |
|
27.11.2013, 17:02
| #18 |
| | Malwarebytes Anti-Malware Scan findet zwei Viren wenn ich eine dieser Dokumente öffnen will – erscheint Screenshot Nr.1
__________________klicke ich „okay“ an – erscheint Screenshot Nr.2 die Dokumente sind nicht durchsichtig…UND die "Original-Dokumente" sind überhaupt nicht mehr vorhanden.. meinst Du den OTL Scan mit dem Codeinhalt aus Beitrag #13 nochmals durchführen …als Fix oder anders.. |
|
28.11.2013, 10:40
| #19 |
| /// the machine /// TB-Ausbilder | Malwarebytes Anti-Malware Scan findet zwei Viren
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.11.2013, 12:33
| #20 |
| | Malwarebytes Anti-Malware Scan findet zwei Viren Beitrag 8 nochmals durchgeführt als Normal-Fix und Quick-Fix Code:
ATTFilter OTL logfile created on: 28.11.2013 12:14:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\michael\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,58% Memory free 6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 277,96 Gb Total Space | 140,65 Gb Free Space | 50,60% Space Free | Partition Type: NTFS Drive D: | 20,12 Gb Total Space | 11,23 Gb Free Space | 55,84% Space Free | Partition Type: FAT32 Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.11.25 09:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Downloads\OTL.exe PRC - [2013.11.06 02:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.11.06 02:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2013.10.23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013.10.23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013.10.23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2013.10.09 16:13:42 | 000,836,160 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe PRC - [2013.10.09 16:13:42 | 000,166,976 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe PRC - [2013.10.09 16:13:40 | 001,233,472 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe PRC - [2013.10.09 16:10:06 | 001,667,584 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\Soluto\SolutoRemoteService.exe PRC - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.21 13:09:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.12.02 23:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009.09.02 08:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe PRC - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2009.09.02 08:41:06 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.09 08:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.11.03 14:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe PRC - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.05.24 13:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.03.21 12:16:20 | 000,344,064 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.11.22 19:51:34 | 014,972,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\642ba04dfd0cf6b5a4bd768ab404eb4f\Kies.Theme.ni.dll MOD - [2013.11.22 19:51:33 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\9e97c3b33aa7fb9d900bca4f6d93ec9e\DummyStorePlugin.ni.dll MOD - [2013.11.22 19:51:32 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\dcd008a3fba48090b7a4e6e4a5e7b20a\DeviceStoryAlbum.ni.dll MOD - [2013.11.22 19:51:31 | 000,616,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\eeefdbf91e99a91bf0f1948d5fd68d87\DevicePodcast.ni.dll MOD - [2013.11.22 19:51:30 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3466f424f84c9d58703c8d49e3cec991\DeviceVideo.ni.dll MOD - [2013.11.22 19:51:29 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\f8e9e990d7da96e9307421d5a315b2c2\DevicePhoto.ni.dll MOD - [2013.11.22 19:51:28 | 000,308,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\330e21cf540e1aa133c80efc7eb9b134\DeviceMusic.ni.dll MOD - [2013.11.22 19:51:26 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\b6dbdf0a1deb9bb640437d640b42d4e9\VideoManager.ni.dll MOD - [2013.11.22 19:51:25 | 000,807,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\0c2f7492807cfcfe18ea06ce6acc909c\PhotoManager.ni.dll MOD - [2013.11.22 19:51:23 | 001,993,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8bdb875a966da6a46b121bb480b90510\Phonebook.ni.dll MOD - [2013.11.22 19:51:20 | 000,207,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\9a0aa4c727254e57018d6618310763d2\StoryAlbumManager.ni.dll MOD - [2013.11.22 19:51:19 | 000,945,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1199d9d5982b9c9e09a68ff0a5c8c709\MusicManager.ni.dll MOD - [2013.11.22 19:51:18 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\2cd3ab735bdeddcc09727d40c2c2d8a2\BATPlugin.ni.dll MOD - [2013.11.22 19:51:16 | 000,534,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\da4a656f5af4ca1cb53934034314853e\Kies.Common.MediaDB.ni.dll MOD - [2013.11.22 19:51:16 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\6e02e15174282cb0ddd24edfe74eb58b\Kies.Common.StoreManager.ni.dll MOD - [2013.11.22 19:51:15 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\2c2dbe86884ed4a0f6ad598beae9699f\Kies.Common.AllShare.ni.dll MOD - [2013.11.22 19:51:14 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c3d1340662ee751e8d733de79da14ebd\Kies.Common.DBManager.ni.dll MOD - [2013.11.22 19:51:13 | 000,110,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\6b1bd95506210a735156fd15f42262fa\Kies.Common.CRMManager.ni.dll MOD - [2013.11.22 19:51:12 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\269bf7229a2bdccf2fac6ae1f9514060\Podcaster.ni.dll MOD - [2013.11.22 19:51:10 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a6fc5e998baff5bb685990cb2d7eaac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.11.22 19:51:09 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\218d40e918840027f02f89b6286f3da6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.11.22 19:51:09 | 000,178,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4c137894061073dafac4b63132301fba\Interop.DevFileServiceLib.ni.dll MOD - [2013.11.22 19:51:08 | 000,581,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1b40bd018e69bfb3e081df88e2547003\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.11.22 19:51:07 | 001,226,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c4618a76c264bd85178296bb92391319\Kies.Common.DeviceService.ni.dll MOD - [2013.11.22 19:51:04 | 001,002,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\d785f2e0cdc6d8873b86b6b266a4913d\DeviceCommonLib.ni.dll MOD - [2013.11.22 19:51:03 | 000,750,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\ea8968244daac8c5873aa87235a7b49d\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.11.22 19:51:01 | 000,206,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\25bfc8f9251c5d14e0deeca8cb047efe\Kies.Common.MainUI.ni.dll MOD - [2013.11.22 19:50:54 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb36527133c6a9e51f53aab9ca2faabe\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.11.22 19:50:53 | 000,940,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\80b0d9d062e12555279d83988d066d4b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.11.22 19:50:51 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\97feb913f82b178f436c759ba72a827f\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.11.22 19:50:50 | 002,221,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\38aa59acafca02f45ea4a74f287bb68a\Kies.Common.Multimedia.ni.dll MOD - [2013.11.22 19:50:45 | 000,640,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6b9eaab90feb84cec955aa5d2e9c2e80\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.11.22 19:50:45 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\891822cfc054262435c02192bb220192\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.11.22 19:50:38 | 007,192,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\ab72498f92b57b4621fd64b22c85815d\DeviceHost.ni.dll MOD - [2013.11.22 19:50:29 | 000,315,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\2bcad8b67324e46ce281141cf9bb8043\Kies.Common.Util.ni.dll MOD - [2013.11.22 19:50:28 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\8d5eca0d35b2a052e3a117cdf708a252\Interop.DeviceSearchLib.ni.dll MOD - [2013.11.22 19:50:27 | 001,734,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c00186c7088636f481c1a2ec57faade5\Kies.Locale.ni.dll MOD - [2013.11.22 19:50:26 | 001,952,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\abbba0f399508efdbeaf78b2e2fa7b03\Kies.UI.ni.dll MOD - [2013.11.22 19:50:26 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\6f25a20174765872519f821c6c68bfda\Kies.MVVM.ni.dll MOD - [2013.11.22 19:50:22 | 001,288,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\12c56c6f281e94ee5ff88ecd3b72b8d5\Kies.Interface.ni.dll MOD - [2013.11.22 19:50:19 | 002,183,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\823d395f518a40bab1ba61d5bcca005b\Kies.ni.exe MOD - [2013.10.10 11:07:11 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\a3c7d703aac11b9613b4ec2b9499fe27\PCGPostBootResources.ni.dll MOD - [2013.10.10 11:07:10 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\d808faa10b1aea52e3ba7338b934faeb\PCGHIDProbe.ni.dll MOD - [2013.10.10 11:07:08 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\e2aedb04b2ecfadf9f3e25b37db2a7de\PCGRSPProbe.ni.dll MOD - [2013.10.10 11:07:06 | 000,210,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\a66c8fb1112a35ea5b167c63fc229762\PCGBootVisualizingCommon.ni.dll MOD - [2013.10.10 11:07:02 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\4b559204a51e98c622e88c9e59cff88c\PCGDriverProbe.ni.dll MOD - [2013.10.10 11:07:00 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\fea40edf5e90ea9176de6bb2b1ef5ad3\Community.CsharpSqlite.ni.dll MOD - [2013.10.10 11:06:57 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\cc61d922797993ad22d12f24cea26fd5\PCGWuInfo.ni.dll MOD - [2013.10.10 11:06:56 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\1cc564468f371f8f0209f230fa6679ec\Interop.IWshRuntimeLibrary.ni.dll MOD - [2013.10.10 11:06:54 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\ba911318808ac46ccaa23b7948d55485\PCGUsersCenter.ni.dll MOD - [2013.10.10 11:06:52 | 000,178,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\7d64c748a9d22e3d6e0b955b652081fa\PCGAppControlPluginLoader.ni.dll MOD - [2013.10.10 11:06:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\4869c29247a668106dbff885f8d0a69d\PCGConfiguration.ni.dll MOD - [2013.10.10 11:06:46 | 003,957,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\5801b3422fdecce9bebdd46a9e12d7af\PCGDatabase.ni.dll MOD - [2013.10.10 11:06:38 | 001,340,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\9c17f215c0729695bf3aef31d77889ad\PCGCommunication.ni.dll MOD - [2013.10.10 11:06:22 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\479e5c8c45c4c774cfe0534e5857421f\PCGAzureEntityFramework.ni.dll MOD - [2013.10.10 11:06:19 | 001,913,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\6f7fde1b6429e3f44aefa069fdaee688\PCGAzureShared.ni.dll MOD - [2013.10.10 11:06:16 | 004,574,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\5c49b4b7de8da145abcafc75e3751b82\PCGClientCommon.ni.dll MOD - [2013.10.10 11:05:57 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\76c2bd9ee1f5ffc30dc759f8724fdbeb\PCGPreCompiled.ni.dll MOD - [2013.10.10 11:05:53 | 000,267,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\deb9987f7dbcd4eac8a30a6219a38480\PCGPrestoSerializer.ni.dll MOD - [2013.10.10 11:05:52 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\162c64fffc7e69ab237b6486e3e5b3a7\Ionic.Zip.Reduced.ni.dll MOD - [2013.10.10 11:05:51 | 002,128,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\c7d17aafbcdcc3aa47f35d53f325bda8\Newtonsoft.Json.Net35.ni.dll MOD - [2013.10.10 11:05:38 | 003,312,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\f378fe18493c7c17e85418e8d33cce5e\PCGFramework.ni.dll MOD - [2013.10.10 11:05:31 | 001,725,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\f4e66fb093ea6066de39f10c73d7fd0b\Soluto.ni.exe MOD - [2013.10.09 20:20:03 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll MOD - [2013.10.09 16:10:06 | 000,077,376 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll MOD - [2013.10.09 12:41:06 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll MOD - [2013.10.09 12:40:49 | 002,518,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\3815d0ee28da0b5a6e6c1f083ef437f6\System.Data.Linq.ni.dll MOD - [2013.10.09 12:40:34 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll MOD - [2013.10.09 04:45:31 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\6cfb6056dfe610b88af47c21a80026b7\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.10.09 04:39:45 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll MOD - [2013.10.09 04:39:29 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll MOD - [2013.10.09 04:39:18 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll MOD - [2013.10.09 04:39:09 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll MOD - [2013.10.09 04:39:01 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll MOD - [2013.08.15 08:08:25 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1bf91944c0a39048bb079c5d81f90529\System.Runtime.Serialization.ni.dll MOD - [2013.08.15 08:07:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll MOD - [2013.08.15 08:07:44 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll MOD - [2013.08.14 16:13:23 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll MOD - [2013.08.14 16:10:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll MOD - [2013.08.14 16:01:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll MOD - [2013.08.14 15:11:15 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll MOD - [2013.08.14 15:09:45 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll MOD - [2013.08.14 15:08:50 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f17c7bc239be0eb7661cbcd3cff1ea16\System.Runtime.Remoting.ni.dll MOD - [2013.08.14 15:08:27 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll MOD - [2013.08.14 15:04:10 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll MOD - [2013.08.14 15:04:04 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll MOD - [2013.07.21 23:58:41 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2013.07.21 23:58:40 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2013.07.12 08:20:48 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0cd09e4839a2bfe65311191d2e61c698\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.07.12 08:20:47 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\be9d4a331a41a83465c56b735845c86b\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.07.12 08:20:46 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\a474771ad225ef2b83d38a86a160ed53\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.07.12 08:20:15 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\abebd90a3673cde0cd3a1b81a9f18f86\CabLib.ni.dll MOD - [2013.07.12 01:24:04 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2cd2c82bbe22932ed5b4d51c3b5059eb\CustomMarshalers.ni.dll MOD - [2013.07.11 16:37:56 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll MOD - [2013.07.11 16:21:13 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll MOD - [2012.10.08 12:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.02.22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2009.06.27 18:14:15 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe MOD - [2008.03.21 12:16:20 | 000,344,064 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe MOD - [2007.08.27 12:44:58 | 000,049,152 | ---- | M] () -- C:\Program Files\ScanWizard 5\Scanners\Mphase32.dll MOD - [2007.01.05 13:05:20 | 000,249,856 | ---- | M] () -- C:\Program Files\ScanWizard 5\SFRes.dll MOD - [2005.05.04 14:26:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ScanWizard 5\Scanners\MS32RES.DLL ========== Services (SafeList) ========== SRV - [2013.11.16 02:04:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.11.14 11:07:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.10.23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.10.23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.10.09 16:13:42 | 000,836,160 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService) SRV - [2013.10.09 16:13:42 | 000,166,976 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService) SRV - [2013.10.09 16:10:06 | 001,667,584 | ---- | M] (GlavSoft LLC.) [On_Demand | Running] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService) SRV - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013.07.25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.21 13:09:10 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.06.13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.11.16 13:19:22 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2009.09.02 08:41:06 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC) SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cnnctfy2.sys -- (cnnctfy2MP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\michael\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - [2013.10.09 16:09:44 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto) DRV - [2013.09.27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb) DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2010.10.18 10:14:22 | 006,959,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.01.07 03:49:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.07.08 09:17:36 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2009.06.17 13:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2009.06.17 13:02:40 | 000,017,928 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2009.06.17 13:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2009.06.17 13:01:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus) DRV - [2009.06.17 13:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.12.04 05:36:05 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo) DRV - [2008.12.03 10:39:37 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) DRV - [2008.11.19 16:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.19 16:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.19 16:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: google%40hitachi.com:0.3 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2 FF - prefs.js..extensions.enabledAddons: toolbar-tbplatform%40alexa.com:2.2 FF - prefs.js..extensions.enabledAddons: ffextension%40weheartit.com:3.1.1 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B62a6949c-2fcd-f9f2-952c-ae165cfb33b2%7D:1.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\michael\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\michael\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\michael\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.11.20 20:58:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.11.20 20:58:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.11.20 21:10:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.25 05:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.11.20 21:10:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.25 05:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.07.20 18:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions [2009.07.20 18:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.07.02 14:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.11.23 12:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions [2013.11.23 12:03:56 | 000,000,000 | ---D | M] ("Yahoo Community Smartbar") -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\{62a6949c-2fcd-f9f2-952c-ae165cfb33b2} [2013.07.25 11:54:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\ich@maltegoetz.de [2013.08.25 21:49:50 | 000,000,000 | ---D | M] ("OLDIE RADIO") -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\toolbar-tbplatform@alexa.com [2013.10.14 20:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions [2011.08.27 10:07:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011.07.02 13:16:19 | 000,000,000 | ---D | M] (MyKey Interface) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\{FACC66B7-E49F-49ed-997E-66A221FD956D} [2011.08.09 16:35:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\DeviceDetection@logitech.com [2011.08.11 13:39:38 | 000,000,000 | ---D | M] (Facebook Emoticon & Smiley) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\emoticon@luzky.com [2012.03.22 17:33:50 | 000,000,000 | ---D | M] (F1 by Mozilla Labs) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\ffshare@mozilla.org [2012.05.21 17:27:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\foxyproxy@eric.h.jung [2011.11.27 17:33:47 | 000,000,000 | ---D | M] ("Biscuit du trésor" />) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\inquiry@sharelovestory.com [2013.06.24 14:55:40 | 000,238,232 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\fbdislike@doweb.fr.xpi [2013.11.02 01:00:40 | 000,102,027 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\ffextension@weheartit.com.xpi [2013.02.08 12:59:10 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\google@hitachi.com.xpi [2013.11.13 10:48:20 | 000,639,485 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\toolbar@web.de.xpi [2012.03.21 15:24:06 | 000,325,600 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\smarterwiki@wikiatic.com.xpi [2012.07.07 11:44:09 | 000,575,929 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\toolbar@gmx.net.xpi [2012.05.11 16:58:58 | 000,355,956 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2013.10.15 13:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.10.16 09:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.08.17 14:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.11.16 02:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.11.20 20:58:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll CHR - Extension: No name found = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0\ CHR - Extension: No name found = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0\ O1 HOSTS File: ([2013.10.12 17:03:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for IE\FSAddin-0.86.dll () O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Facebook Update] C:\Users\michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk () O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 1.7.0_40) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71D0C0C8-EA67-4951-8803-AD2FA836D1DD}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873F1988-35B9-4226-AD86-1FE3FBA7194F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Users\michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.11.25 19:22:02 | 000,000,000 | ---D | C] -- C:\_OTL [2013.11.25 07:35:42 | 000,000,000 | ---D | C] -- C:\Users\michael\Documents\Rentenversicherung_Kur [2013.11.23 09:56:54 | 000,000,000 | ---D | C] -- C:\FRST [2013.11.23 01:49:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} [2013.11.23 01:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.11.20 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.11.20 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\RealNetworks [2013.11.20 20:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks [2013.11.20 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013.11.20 20:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2013.11.20 20:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013.11.19 21:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixlr [2013.11.19 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Pixlromatic [2013.11.19 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pixlr [2013.11.18 15:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.11.18 15:50:51 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\Windows\System32\pdfcmon.dll [2013.11.18 15:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013.11.18 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\michael\Documents\My Kindle Content [2013.11.18 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.11.18 15:26:30 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Amazon [2013.11.18 15:15:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.11.18 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.11.18 14:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.11.18 14:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.11.18 14:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.11.18 14:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.11.18 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013.11.18 14:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013.11.18 14:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\michael\Documents\*.tmp files -> C:\Users\michael\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.28 12:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.11.28 12:10:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2013.11.28 11:46:15 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2013.11.28 11:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.11.28 11:00:32 | 000,632,492 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.11.28 11:00:32 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.11.28 11:00:32 | 000,127,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.11.28 11:00:32 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.11.28 10:56:02 | 000,004,805 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI [2013.11.28 10:56:02 | 000,000,726 | ---- | M] () -- C:\Windows\System32\bscs.ini [2013.11.28 10:56:02 | 000,000,102 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI [2013.11.28 10:54:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.11.28 10:54:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.11.28 10:54:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.11.28 10:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.11.28 10:54:00 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys [2013.11.28 00:10:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.11.27 22:46:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.11.27 15:35:57 | 000,000,380 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI [2013.11.25 19:26:12 | 000,419,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.11.25 09:08:41 | 000,000,519 | ---- | M] () -- C:\Users\michael\Desktop\OTL.exe - Verknüpfung.lnk [2013.11.23 22:18:44 | 000,039,142 | ---- | M] () -- C:\Users\michael\Desktop\MaNuKa ..Graz.jpg [2013.11.23 11:27:41 | 000,062,014 | ---- | M] () -- C:\Users\michael\Documents\602a. Neues MS... ab 22.03.odt [2013.11.23 02:03:14 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.11.23 02:03:14 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.11.23 01:49:33 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk [2013.11.21 23:05:16 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013.11.20 20:57:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2013.11.19 21:57:00 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Pixlr-o-matic.lnk [2013.11.18 15:51:02 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.11.18 14:38:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.11.18 14:36:24 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.11.18 14:11:11 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.11.12 21:27:45 | 000,847,989 | ---- | M] () -- C:\Users\michael\Documents\3114.pdf [2013.11.11 01:31:16 | 000,009,287 | ---- | M] () -- C:\Users\michael\.recently-used.xbel [2013.11.08 19:32:57 | 000,043,174 | ---- | M] () -- C:\Users\michael\Documents\Happy Day.jpg [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\michael\Documents\*.tmp files -> C:\Users\michael\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.25 09:08:41 | 000,000,519 | ---- | C] () -- C:\Users\michael\Desktop\OTL.exe - Verknüpfung.lnk [2013.11.23 22:18:42 | 000,039,142 | ---- | C] () -- C:\Users\michael\Desktop\MaNuKa ..Graz.jpg [2013.11.23 02:03:14 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.11.23 01:49:33 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk [2013.11.23 01:49:32 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.11.21 11:59:30 | 000,419,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.11.20 21:53:13 | 000,013,153 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2013.11.19 21:55:21 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Pixlr-o-matic.lnk [2013.11.18 15:51:02 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.11.18 14:36:24 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.11.18 14:23:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.11.18 14:11:11 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.11.14 11:12:56 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.11.12 21:27:44 | 000,847,989 | ---- | C] () -- C:\Users\michael\Documents\3114.pdf [2013.11.11 01:31:16 | 000,009,287 | ---- | C] () -- C:\Users\michael\.recently-used.xbel [2013.11.08 19:32:52 | 000,043,174 | ---- | C] () -- C:\Users\michael\Documents\Happy Day.jpg [2013.10.16 09:35:46 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.10.14 17:26:05 | 000,000,094 | ---- | C] () -- C:\Users\michael\AppData\Roaming\WB.CFG [2013.10.14 17:26:05 | 000,000,006 | ---- | C] () -- C:\Users\michael\AppData\Roaming\WBPU-TTL.DAT [2013.10.10 11:05:02 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013.04.24 10:58:56 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2013.04.18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2013.02.21 13:09:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe [2012.05.29 14:00:29 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2010.09.20 12:41:20 | 000,006,614 | ---- | C] () -- C:\Users\michael\shexview_lng.ini [2010.07.25 18:18:14 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IGBT9Y2.JPG [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IDOOI7P.BUP [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IAURFUT.IFO [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$I3IX2MZ.IFO [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$I1QNAH1.BUP [2010.05.13 10:15:42 | 000,019,456 | ---- | C] () -- C:\Users\michael\AppData\Local\WebpageIcons.db [2010.04.10 08:08:46 | 000,000,680 | ---- | C] () -- C:\Users\michael\AppData\Local\d3d9caps.dat [2009.10.01 13:25:59 | 000,000,148 | ---- | C] () -- C:\Users\michael\AppData\Roaming\default.pls [2009.06.30 18:07:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.28 12:32:54 | 000,001,738 | ---- | C] () -- C:\Users\michael\AppData\Roaming\wklnhst.dat [2009.06.27 19:39:38 | 000,233,984 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\.oit [2012.04.19 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\1&1 Mail & Media GmbH [2011.10.18 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Ashampoo [2011.05.16 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Auslogics [2012.05.15 17:35:48 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2013.11.23 02:02:20 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\DVDVideoSoft [2010.08.11 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\EPSON [2010.01.21 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FRITZ! [2010.07.18 10:48:44 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.02.13 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\GARMIN [2012.04.16 17:09:37 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\GMX [2013.11.11 01:31:16 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\gtk-2.0 [2012.09.20 19:45:49 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ICQ [2012.03.16 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ImgBurn [2011.04.03 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\LibreOffice [2009.10.03 09:21:03 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Lingoes [2010.06.02 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MuldeR [2013.02.27 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MusicNet [2010.12.29 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\NewSoft [2011.02.06 17:10:21 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Octoshape [2013.07.25 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\OpenOffice [2009.06.27 23:17:19 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\OpenOffice.org [2009.08.27 11:47:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Opera [2013.11.19 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Pixlromatic [2009.09.22 19:31:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ppstream [2013.08.19 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Samsung [2009.06.28 12:33:13 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Template [2009.07.20 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TomTom [2012.08.11 20:07:32 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Trillian [2013.11.23 01:50:22 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TuneUp Software [2012.04.16 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\WEB.DE ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 6 "ProviderFileName0" = unimdm.tsp -- [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderID4" = 5 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "LocalService" = nsilltdsvcSSDPSRVupnphostSCard [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = hidservUxSmsWdiSystemHostNetman [Binary data over 200 bytes] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "LocalServiceNoNetwork" = PLADPSBFEmpssvcehstart [binary data] "NetworkService" = CryptSvcDHCPTermServiceKtmRmDN [Binary data over 200 bytes] "termsvcs" = TermService [binary data] "WerSvcGroup" = wersvc [binary data] -- [2009.04.11 07:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation) "netsvcs" = AeLookupSvcwercplsupportThemesC [Binary data over 200 bytes] "swprv" = swprv [binary data] -- [2009.04.11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvLmHostswsc [Binary data over 200 bytes] "rpcss" = RpcSs [binary data] -- [2009.04.11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) "regsvc" = RemoteRegistry [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2006.11.02 10:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) "DcomLaunch" = PlugPlayDcomLaunch [binary data] "wdisvc" = WdiServiceHost [binary data] "sdrsvc" = sdrsvc [binary data] -- [2008.01.21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "secsvcs" = WinDefend [binary data] "bthsvcs" = BthServ [binary data] -- [2009.04.11 07:28:18 | 000,040,960 | ---- | M] (Microsoft Corporation) "getPlusHelper" = getPlusHelper [binary data] "LocalServiceAndNoImpersonation" = FontCache [binary data] "GPSvcGroup" = GPSvc [binary data] -- [2009.04.11 07:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\getPlusHelper] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /800 > [2012.04.19 13:56:56 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2012.04.19 13:56:56 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advpack.dll [2013.06.04 02:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2013.06.04 05:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2013.08.01 03:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll [2013.04.24 05:00:24 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2013.04.18 18:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll [2013.07.04 05:21:15 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll [2013.10.03 13:45:45 | 000,993,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.04.17 13:30:06 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll [2013.07.08 05:16:55 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2013.07.08 05:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.03.09 04:45:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll [2013.08.27 02:32:20 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.08.27 03:47:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.08.27 03:47:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.08.27 02:50:40 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.08.27 02:52:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.08.27 03:47:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.08.27 03:47:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.18 18:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll [2013.04.18 18:06:08 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DIFxAPI.dll [2012.11.02 11:18:17 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.08.27 02:28:36 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2012.04.19 13:56:59 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2012.04.19 13:57:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2011.10.14 17:02:19 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll [2013.08.27 02:28:35 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll [2013.10.11 03:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL [2013.10.03 13:45:50 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll [2012.08.21 13:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll [2013.06.15 14:22:11 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icaapi.dll [2012.04.19 13:56:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2012.04.19 13:56:55 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2012.04.19 13:56:55 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2012.04.19 13:56:56 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2012.04.19 13:56:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2012.04.19 13:56:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2012.04.19 13:56:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.10.13 11:08:04 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.04.19 13:56:56 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2012.04.19 13:56:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.10.13 10:27:40 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.04.19 13:56:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2012.04.19 13:57:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.10.13 10:20:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.10.11 03:08:02 | 000,444,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL [2012.02.29 16:09:53 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2012.04.19 13:56:56 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2012.04.19 13:56:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll [2013.10.13 10:30:20 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.10.13 10:48:06 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.10.13 10:32:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.09.28 17:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.04.19 13:56:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.11 16:57:00 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll [2011.11.16 17:21:57 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll [2013.04.18 18:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll [2013.04.18 18:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll [2013.04.18 18:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll [2013.04.18 18:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll [2013.04.18 18:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll [2011.10.14 17:00:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mciseq.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll [2013.04.18 18:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll [2013.10.13 10:27:43 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.04.19 13:56:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.04.18 18:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll [2013.10.13 11:42:12 | 012,344,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.10.13 10:26:08 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.04.19 13:57:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.04.19 13:57:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.04.18 18:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll [2012.05.05 11:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSMPIDE.DLL [2012.04.19 13:57:01 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.03.08 04:52:22 | 002,067,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2013.11.20 20:57:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp71.dll [2012.08.16 14:12:06 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100.dll [2011.12.14 17:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.05 17:47:27 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.02 11:19:34 | 001,400,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2013.04.18 18:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll [2013.04.18 18:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll [2013.04.18 18:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll [2013.04.18 18:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll [2012.11.20 05:22:50 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.06.29 17:01:42 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2013.07.09 13:10:36 | 001,205,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2012.12.29 11:26:54 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll [2012.07.03 16:25:20 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapo32v.dll [2012.12.29 11:26:54 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll [2012.12.29 09:26:22 | 004,129,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcpl.dll [2012.12.29 11:26:54 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll [2012.12.29 11:26:54 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll [2012.12.29 11:26:54 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll [2012.12.29 11:26:54 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll [2012.12.29 11:26:54 | 001,017,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispco32.dll [2012.12.29 11:26:54 | 000,889,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispgenco32.dll [2012.05.15 11:26:00 | 000,883,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvgenco32.dll [2012.07.03 08:37:56 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvhdagenco3220103.dll [2012.07.03 16:25:21 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvhdap32.dll [2012.12.29 09:25:57 | 000,108,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvmctray.dll [2012.12.29 11:26:54 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll [2012.12.29 11:26:54 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvopencl.dll [2012.12.29 09:25:57 | 000,062,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvshext.dll [2012.12.29 09:26:22 | 003,001,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvc.dll [2012.12.29 09:25:57 | 002,557,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvcr.dll [2012.12.29 11:26:54 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll [2012.04.19 13:56:57 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2012.05.15 11:26:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll [2011.11.18 18:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2013.04.09 15:13:52 | 000,095,416 | ---- | M] (pdfforge GmbH) -- C:\Windows\system32\pdfcmon.dll [2013.11.20 20:57:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\system32\pncrt.dll [2013.11.20 20:57:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\pndx5016.dll [2013.11.20 20:57:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\pndx5032.dll [2012.04.19 13:56:57 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2013.07.20 11:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll [2013.05.02 05:03:42 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\printcom.dll [2011.10.25 16:58:54 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2013.06.01 05:06:08 | 000,505,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2012.11.08 04:48:38 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2012.01.09 16:54:08 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpencom.dll [2013.04.18 18:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll [2013.11.20 20:58:11 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\rmoc3260.dll [2013.07.10 10:47:00 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll [2012.06.02 01:04:25 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2011.11.16 17:23:08 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.11.22 04:54:36 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shlwapi.dll [2013.04.24 10:58:56 | 000,362,029 | ---- | M] () -- C:\Windows\system32\sqlite3.dll [2012.09.25 17:19:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.07.16 05:35:16 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\themeui.dll [2013.07.17 20:41:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.10.13 10:33:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.10.13 10:37:03 | 001,104,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.10.13 10:29:02 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2013.04.03 08:58:16 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01007.dll [2012.07.26 03:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll [2012.04.19 13:56:58 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2013.05.02 05:04:25 | 000,443,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.11.18 14:14:06 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winhttp.dll [2013.10.13 10:35:38 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2011.10.14 17:03:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winmm.dll [2013.03.08 04:53:50 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2013.07.08 05:20:04 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2013.04.03 08:58:16 | 000,581,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller.dll [2012.02.29 16:11:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2013.08.02 05:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2012.06.02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2012.06.02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.07.26 04:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll [2012.07.26 04:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll [2012.07.26 04:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll [2012.07.26 04:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll [2012.06.02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2012.06.02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2012.06.02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2012.06.02 14:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.06.30 20:30:27 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2009.06.30 20:30:28 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2010.02.09 16:23:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.02.09 16:23:58 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.03.20 07:32:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.08.22 23:05:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.08.22 23:05:56 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job < > < End of report > |
|
28.11.2013, 12:33
| #21 |
| | Malwarebytes Anti-Malware Scan findet zwei VirenCode:
ATTFilter OTL logfile created on: 28.11.2013 12:14:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\michael\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,58% Memory free 6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 277,96 Gb Total Space | 140,65 Gb Free Space | 50,60% Space Free | Partition Type: NTFS Drive D: | 20,12 Gb Total Space | 11,23 Gb Free Space | 55,84% Space Free | Partition Type: FAT32 Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.11.25 09:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Downloads\OTL.exe PRC - [2013.11.06 02:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.11.06 02:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2013.10.23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013.10.23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013.10.23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2013.10.09 16:13:42 | 000,836,160 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe PRC - [2013.10.09 16:13:42 | 000,166,976 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe PRC - [2013.10.09 16:13:40 | 001,233,472 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe PRC - [2013.10.09 16:10:06 | 001,667,584 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\Soluto\SolutoRemoteService.exe PRC - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.21 13:09:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.12.02 23:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009.09.02 08:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe PRC - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe PRC - [2009.09.02 08:41:06 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.09 08:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.11.03 14:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe PRC - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.05.24 13:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.03.21 12:16:20 | 000,344,064 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.11.22 19:51:34 | 014,972,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\642ba04dfd0cf6b5a4bd768ab404eb4f\Kies.Theme.ni.dll MOD - [2013.11.22 19:51:33 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\9e97c3b33aa7fb9d900bca4f6d93ec9e\DummyStorePlugin.ni.dll MOD - [2013.11.22 19:51:32 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\dcd008a3fba48090b7a4e6e4a5e7b20a\DeviceStoryAlbum.ni.dll MOD - [2013.11.22 19:51:31 | 000,616,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\eeefdbf91e99a91bf0f1948d5fd68d87\DevicePodcast.ni.dll MOD - [2013.11.22 19:51:30 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3466f424f84c9d58703c8d49e3cec991\DeviceVideo.ni.dll MOD - [2013.11.22 19:51:29 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\f8e9e990d7da96e9307421d5a315b2c2\DevicePhoto.ni.dll MOD - [2013.11.22 19:51:28 | 000,308,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\330e21cf540e1aa133c80efc7eb9b134\DeviceMusic.ni.dll MOD - [2013.11.22 19:51:26 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\b6dbdf0a1deb9bb640437d640b42d4e9\VideoManager.ni.dll MOD - [2013.11.22 19:51:25 | 000,807,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\0c2f7492807cfcfe18ea06ce6acc909c\PhotoManager.ni.dll MOD - [2013.11.22 19:51:23 | 001,993,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8bdb875a966da6a46b121bb480b90510\Phonebook.ni.dll MOD - [2013.11.22 19:51:20 | 000,207,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\9a0aa4c727254e57018d6618310763d2\StoryAlbumManager.ni.dll MOD - [2013.11.22 19:51:19 | 000,945,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1199d9d5982b9c9e09a68ff0a5c8c709\MusicManager.ni.dll MOD - [2013.11.22 19:51:18 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\2cd3ab735bdeddcc09727d40c2c2d8a2\BATPlugin.ni.dll MOD - [2013.11.22 19:51:16 | 000,534,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\da4a656f5af4ca1cb53934034314853e\Kies.Common.MediaDB.ni.dll MOD - [2013.11.22 19:51:16 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\6e02e15174282cb0ddd24edfe74eb58b\Kies.Common.StoreManager.ni.dll MOD - [2013.11.22 19:51:15 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\2c2dbe86884ed4a0f6ad598beae9699f\Kies.Common.AllShare.ni.dll MOD - [2013.11.22 19:51:14 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c3d1340662ee751e8d733de79da14ebd\Kies.Common.DBManager.ni.dll MOD - [2013.11.22 19:51:13 | 000,110,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\6b1bd95506210a735156fd15f42262fa\Kies.Common.CRMManager.ni.dll MOD - [2013.11.22 19:51:12 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\269bf7229a2bdccf2fac6ae1f9514060\Podcaster.ni.dll MOD - [2013.11.22 19:51:10 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a6fc5e998baff5bb685990cb2d7eaac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.11.22 19:51:09 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\218d40e918840027f02f89b6286f3da6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.11.22 19:51:09 | 000,178,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4c137894061073dafac4b63132301fba\Interop.DevFileServiceLib.ni.dll MOD - [2013.11.22 19:51:08 | 000,581,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1b40bd018e69bfb3e081df88e2547003\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.11.22 19:51:07 | 001,226,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c4618a76c264bd85178296bb92391319\Kies.Common.DeviceService.ni.dll MOD - [2013.11.22 19:51:04 | 001,002,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\d785f2e0cdc6d8873b86b6b266a4913d\DeviceCommonLib.ni.dll MOD - [2013.11.22 19:51:03 | 000,750,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\ea8968244daac8c5873aa87235a7b49d\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.11.22 19:51:01 | 000,206,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\25bfc8f9251c5d14e0deeca8cb047efe\Kies.Common.MainUI.ni.dll MOD - [2013.11.22 19:50:54 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb36527133c6a9e51f53aab9ca2faabe\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.11.22 19:50:53 | 000,940,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\80b0d9d062e12555279d83988d066d4b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.11.22 19:50:51 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\97feb913f82b178f436c759ba72a827f\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.11.22 19:50:50 | 002,221,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\38aa59acafca02f45ea4a74f287bb68a\Kies.Common.Multimedia.ni.dll MOD - [2013.11.22 19:50:45 | 000,640,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6b9eaab90feb84cec955aa5d2e9c2e80\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.11.22 19:50:45 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\891822cfc054262435c02192bb220192\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.11.22 19:50:38 | 007,192,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\ab72498f92b57b4621fd64b22c85815d\DeviceHost.ni.dll MOD - [2013.11.22 19:50:29 | 000,315,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\2bcad8b67324e46ce281141cf9bb8043\Kies.Common.Util.ni.dll MOD - [2013.11.22 19:50:28 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\8d5eca0d35b2a052e3a117cdf708a252\Interop.DeviceSearchLib.ni.dll MOD - [2013.11.22 19:50:27 | 001,734,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c00186c7088636f481c1a2ec57faade5\Kies.Locale.ni.dll MOD - [2013.11.22 19:50:26 | 001,952,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\abbba0f399508efdbeaf78b2e2fa7b03\Kies.UI.ni.dll MOD - [2013.11.22 19:50:26 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\6f25a20174765872519f821c6c68bfda\Kies.MVVM.ni.dll MOD - [2013.11.22 19:50:22 | 001,288,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\12c56c6f281e94ee5ff88ecd3b72b8d5\Kies.Interface.ni.dll MOD - [2013.11.22 19:50:19 | 002,183,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\823d395f518a40bab1ba61d5bcca005b\Kies.ni.exe MOD - [2013.10.10 11:07:11 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\a3c7d703aac11b9613b4ec2b9499fe27\PCGPostBootResources.ni.dll MOD - [2013.10.10 11:07:10 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\d808faa10b1aea52e3ba7338b934faeb\PCGHIDProbe.ni.dll MOD - [2013.10.10 11:07:08 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\e2aedb04b2ecfadf9f3e25b37db2a7de\PCGRSPProbe.ni.dll MOD - [2013.10.10 11:07:06 | 000,210,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\a66c8fb1112a35ea5b167c63fc229762\PCGBootVisualizingCommon.ni.dll MOD - [2013.10.10 11:07:02 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\4b559204a51e98c622e88c9e59cff88c\PCGDriverProbe.ni.dll MOD - [2013.10.10 11:07:00 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\fea40edf5e90ea9176de6bb2b1ef5ad3\Community.CsharpSqlite.ni.dll MOD - [2013.10.10 11:06:57 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\cc61d922797993ad22d12f24cea26fd5\PCGWuInfo.ni.dll MOD - [2013.10.10 11:06:56 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\1cc564468f371f8f0209f230fa6679ec\Interop.IWshRuntimeLibrary.ni.dll MOD - [2013.10.10 11:06:54 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\ba911318808ac46ccaa23b7948d55485\PCGUsersCenter.ni.dll MOD - [2013.10.10 11:06:52 | 000,178,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\7d64c748a9d22e3d6e0b955b652081fa\PCGAppControlPluginLoader.ni.dll MOD - [2013.10.10 11:06:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\4869c29247a668106dbff885f8d0a69d\PCGConfiguration.ni.dll MOD - [2013.10.10 11:06:46 | 003,957,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\5801b3422fdecce9bebdd46a9e12d7af\PCGDatabase.ni.dll MOD - [2013.10.10 11:06:38 | 001,340,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\9c17f215c0729695bf3aef31d77889ad\PCGCommunication.ni.dll MOD - [2013.10.10 11:06:22 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\479e5c8c45c4c774cfe0534e5857421f\PCGAzureEntityFramework.ni.dll MOD - [2013.10.10 11:06:19 | 001,913,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\6f7fde1b6429e3f44aefa069fdaee688\PCGAzureShared.ni.dll MOD - [2013.10.10 11:06:16 | 004,574,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\5c49b4b7de8da145abcafc75e3751b82\PCGClientCommon.ni.dll MOD - [2013.10.10 11:05:57 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\76c2bd9ee1f5ffc30dc759f8724fdbeb\PCGPreCompiled.ni.dll MOD - [2013.10.10 11:05:53 | 000,267,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\deb9987f7dbcd4eac8a30a6219a38480\PCGPrestoSerializer.ni.dll MOD - [2013.10.10 11:05:52 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\162c64fffc7e69ab237b6486e3e5b3a7\Ionic.Zip.Reduced.ni.dll MOD - [2013.10.10 11:05:51 | 002,128,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\c7d17aafbcdcc3aa47f35d53f325bda8\Newtonsoft.Json.Net35.ni.dll MOD - [2013.10.10 11:05:38 | 003,312,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\f378fe18493c7c17e85418e8d33cce5e\PCGFramework.ni.dll MOD - [2013.10.10 11:05:31 | 001,725,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\f4e66fb093ea6066de39f10c73d7fd0b\Soluto.ni.exe MOD - [2013.10.09 20:20:03 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll MOD - [2013.10.09 16:10:06 | 000,077,376 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll MOD - [2013.10.09 12:41:06 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll MOD - [2013.10.09 12:40:49 | 002,518,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\3815d0ee28da0b5a6e6c1f083ef437f6\System.Data.Linq.ni.dll MOD - [2013.10.09 12:40:34 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll MOD - [2013.10.09 04:45:31 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\6cfb6056dfe610b88af47c21a80026b7\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.10.09 04:39:45 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll MOD - [2013.10.09 04:39:29 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll MOD - [2013.10.09 04:39:18 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll MOD - [2013.10.09 04:39:09 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll MOD - [2013.10.09 04:39:01 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll MOD - [2013.08.15 08:08:25 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1bf91944c0a39048bb079c5d81f90529\System.Runtime.Serialization.ni.dll MOD - [2013.08.15 08:07:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll MOD - [2013.08.15 08:07:44 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll MOD - [2013.08.14 16:13:23 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll MOD - [2013.08.14 16:10:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll MOD - [2013.08.14 16:01:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll MOD - [2013.08.14 15:11:15 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll MOD - [2013.08.14 15:09:45 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll MOD - [2013.08.14 15:08:50 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f17c7bc239be0eb7661cbcd3cff1ea16\System.Runtime.Remoting.ni.dll MOD - [2013.08.14 15:08:27 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll MOD - [2013.08.14 15:04:10 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll MOD - [2013.08.14 15:04:04 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll MOD - [2013.07.21 23:58:41 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2013.07.21 23:58:40 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2013.07.12 08:20:48 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0cd09e4839a2bfe65311191d2e61c698\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.07.12 08:20:47 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\be9d4a331a41a83465c56b735845c86b\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.07.12 08:20:46 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\a474771ad225ef2b83d38a86a160ed53\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.07.12 08:20:15 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\abebd90a3673cde0cd3a1b81a9f18f86\CabLib.ni.dll MOD - [2013.07.12 01:24:04 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2cd2c82bbe22932ed5b4d51c3b5059eb\CustomMarshalers.ni.dll MOD - [2013.07.11 16:37:56 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll MOD - [2013.07.11 16:21:13 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll MOD - [2012.10.08 12:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.02.22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2009.06.27 18:14:15 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe MOD - [2008.03.21 12:16:20 | 000,344,064 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe MOD - [2007.08.27 12:44:58 | 000,049,152 | ---- | M] () -- C:\Program Files\ScanWizard 5\Scanners\Mphase32.dll MOD - [2007.01.05 13:05:20 | 000,249,856 | ---- | M] () -- C:\Program Files\ScanWizard 5\SFRes.dll MOD - [2005.05.04 14:26:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ScanWizard 5\Scanners\MS32RES.DLL ========== Services (SafeList) ========== SRV - [2013.11.16 02:04:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.11.14 11:07:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.10.23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.10.23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.10.09 16:13:42 | 000,836,160 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService) SRV - [2013.10.09 16:13:42 | 000,166,976 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService) SRV - [2013.10.09 16:10:06 | 001,667,584 | ---- | M] (GlavSoft LLC.) [On_Demand | Running] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService) SRV - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013.07.25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.21 13:09:10 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.06.13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.11.16 13:19:22 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS) SRV - [2009.09.02 08:41:06 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC) SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cnnctfy2.sys -- (cnnctfy2MP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\michael\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - [2013.10.09 16:09:44 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto) DRV - [2013.09.27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb) DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2010.10.18 10:14:22 | 006,959,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.01.07 03:49:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.07.08 09:17:36 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2009.06.17 13:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2009.06.17 13:02:40 | 000,017,928 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2009.06.17 13:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2009.06.17 13:01:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus) DRV - [2009.06.17 13:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.12.04 05:36:05 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo) DRV - [2008.12.03 10:39:37 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) DRV - [2008.11.19 16:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.19 16:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.19 16:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: google%40hitachi.com:0.3 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2 FF - prefs.js..extensions.enabledAddons: toolbar-tbplatform%40alexa.com:2.2 FF - prefs.js..extensions.enabledAddons: ffextension%40weheartit.com:3.1.1 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B62a6949c-2fcd-f9f2-952c-ae165cfb33b2%7D:1.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\michael\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\michael\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\michael\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.11.20 20:58:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.11.20 20:58:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.11.20 21:10:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.25 05:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.11.20 21:10:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.25 05:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.07.20 18:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions [2009.07.20 18:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.07.02 14:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.11.23 12:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions [2013.11.23 12:03:56 | 000,000,000 | ---D | M] ("Yahoo Community Smartbar") -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\{62a6949c-2fcd-f9f2-952c-ae165cfb33b2} [2013.07.25 11:54:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\ich@maltegoetz.de [2013.08.25 21:49:50 | 000,000,000 | ---D | M] ("OLDIE RADIO") -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\1wge02ki.default-1341749340073\extensions\toolbar-tbplatform@alexa.com [2013.10.14 20:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions [2011.08.27 10:07:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011.07.02 13:16:19 | 000,000,000 | ---D | M] (MyKey Interface) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\{FACC66B7-E49F-49ed-997E-66A221FD956D} [2011.08.09 16:35:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\DeviceDetection@logitech.com [2011.08.11 13:39:38 | 000,000,000 | ---D | M] (Facebook Emoticon & Smiley) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\emoticon@luzky.com [2012.03.22 17:33:50 | 000,000,000 | ---D | M] (F1 by Mozilla Labs) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\ffshare@mozilla.org [2012.05.21 17:27:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\foxyproxy@eric.h.jung [2011.11.27 17:33:47 | 000,000,000 | ---D | M] ("Biscuit du trésor" />) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\ezy83d9t.default\extensions\inquiry@sharelovestory.com [2013.06.24 14:55:40 | 000,238,232 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\fbdislike@doweb.fr.xpi [2013.11.02 01:00:40 | 000,102,027 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\ffextension@weheartit.com.xpi [2013.02.08 12:59:10 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\google@hitachi.com.xpi [2013.11.13 10:48:20 | 000,639,485 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\1wge02ki.default-1341749340073\extensions\toolbar@web.de.xpi [2012.03.21 15:24:06 | 000,325,600 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\smarterwiki@wikiatic.com.xpi [2012.07.07 11:44:09 | 000,575,929 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\toolbar@gmx.net.xpi [2012.05.11 16:58:58 | 000,355,956 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\ezy83d9t.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2013.10.15 13:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.10.16 09:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.08.17 14:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.11.16 02:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.11.20 20:58:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll CHR - Extension: No name found = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0\ CHR - Extension: No name found = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0\ O1 HOSTS File: ([2013.10.12 17:03:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for IE\FSAddin-0.86.dll () O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Facebook Update] C:\Users\michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk () O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 1.7.0_40) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71D0C0C8-EA67-4951-8803-AD2FA836D1DD}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873F1988-35B9-4226-AD86-1FE3FBA7194F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Users\michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.11.25 19:22:02 | 000,000,000 | ---D | C] -- C:\_OTL [2013.11.25 07:35:42 | 000,000,000 | ---D | C] -- C:\Users\michael\Documents\Rentenversicherung_Kur [2013.11.23 09:56:54 | 000,000,000 | ---D | C] -- C:\FRST [2013.11.23 01:49:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} [2013.11.23 01:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.11.20 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.11.20 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\RealNetworks [2013.11.20 20:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks [2013.11.20 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013.11.20 20:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2013.11.20 20:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013.11.19 21:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixlr [2013.11.19 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Pixlromatic [2013.11.19 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pixlr [2013.11.18 15:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.11.18 15:50:51 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\Windows\System32\pdfcmon.dll [2013.11.18 15:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013.11.18 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\michael\Documents\My Kindle Content [2013.11.18 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.11.18 15:26:30 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Amazon [2013.11.18 15:15:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.11.18 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.11.18 14:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.11.18 14:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.11.18 14:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.11.18 14:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.11.18 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013.11.18 14:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013.11.18 14:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\michael\Documents\*.tmp files -> C:\Users\michael\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.28 12:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.11.28 12:10:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2013.11.28 11:46:15 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2013.11.28 11:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.11.28 11:00:32 | 000,632,492 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.11.28 11:00:32 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.11.28 11:00:32 | 000,127,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.11.28 11:00:32 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.11.28 10:56:02 | 000,004,805 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI [2013.11.28 10:56:02 | 000,000,726 | ---- | M] () -- C:\Windows\System32\bscs.ini [2013.11.28 10:56:02 | 000,000,102 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI [2013.11.28 10:54:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.11.28 10:54:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.11.28 10:54:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.11.28 10:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.11.28 10:54:00 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys [2013.11.28 00:10:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.11.27 22:46:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.11.27 15:35:57 | 000,000,380 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI [2013.11.25 19:26:12 | 000,419,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.11.25 09:08:41 | 000,000,519 | ---- | M] () -- C:\Users\michael\Desktop\OTL.exe - Verknüpfung.lnk [2013.11.23 22:18:44 | 000,039,142 | ---- | M] () -- C:\Users\michael\Desktop\MaNuKa ..Graz.jpg [2013.11.23 11:27:41 | 000,062,014 | ---- | M] () -- C:\Users\michael\Documents\602a. Neues MS... ab 22.03.odt [2013.11.23 02:03:14 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.11.23 02:03:14 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.11.23 01:49:33 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk [2013.11.21 23:05:16 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013.11.20 20:57:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2013.11.19 21:57:00 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Pixlr-o-matic.lnk [2013.11.18 15:51:02 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.11.18 14:38:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.11.18 14:36:24 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.11.18 14:11:11 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.11.12 21:27:45 | 000,847,989 | ---- | M] () -- C:\Users\michael\Documents\3114.pdf [2013.11.11 01:31:16 | 000,009,287 | ---- | M] () -- C:\Users\michael\.recently-used.xbel [2013.11.08 19:32:57 | 000,043,174 | ---- | M] () -- C:\Users\michael\Documents\Happy Day.jpg [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\michael\Documents\*.tmp files -> C:\Users\michael\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.25 09:08:41 | 000,000,519 | ---- | C] () -- C:\Users\michael\Desktop\OTL.exe - Verknüpfung.lnk [2013.11.23 22:18:42 | 000,039,142 | ---- | C] () -- C:\Users\michael\Desktop\MaNuKa ..Graz.jpg [2013.11.23 02:03:14 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.11.23 01:49:33 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk [2013.11.23 01:49:32 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.11.21 11:59:30 | 000,419,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.11.20 21:53:13 | 000,013,153 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2013.11.19 21:55:21 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Pixlr-o-matic.lnk [2013.11.18 15:51:02 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.11.18 14:36:24 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.11.18 14:23:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.11.18 14:11:11 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.11.14 11:12:56 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.11.12 21:27:44 | 000,847,989 | ---- | C] () -- C:\Users\michael\Documents\3114.pdf [2013.11.11 01:31:16 | 000,009,287 | ---- | C] () -- C:\Users\michael\.recently-used.xbel [2013.11.08 19:32:52 | 000,043,174 | ---- | C] () -- C:\Users\michael\Documents\Happy Day.jpg [2013.10.16 09:35:46 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.10.14 17:26:05 | 000,000,094 | ---- | C] () -- C:\Users\michael\AppData\Roaming\WB.CFG [2013.10.14 17:26:05 | 000,000,006 | ---- | C] () -- C:\Users\michael\AppData\Roaming\WBPU-TTL.DAT [2013.10.10 11:05:02 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013.04.24 10:58:56 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2013.04.18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2013.02.21 13:09:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe [2012.05.29 14:00:29 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2010.09.20 12:41:20 | 000,006,614 | ---- | C] () -- C:\Users\michael\shexview_lng.ini [2010.07.25 18:18:14 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IGBT9Y2.JPG [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IDOOI7P.BUP [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$IAURFUT.IFO [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$I3IX2MZ.IFO [2010.07.25 18:18:11 | 000,000,544 | ---- | C] () -- C:\Users\michael\AppData\Roaming\$I1QNAH1.BUP [2010.05.13 10:15:42 | 000,019,456 | ---- | C] () -- C:\Users\michael\AppData\Local\WebpageIcons.db [2010.04.10 08:08:46 | 000,000,680 | ---- | C] () -- C:\Users\michael\AppData\Local\d3d9caps.dat [2009.10.01 13:25:59 | 000,000,148 | ---- | C] () -- C:\Users\michael\AppData\Roaming\default.pls [2009.06.30 18:07:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.28 12:32:54 | 000,001,738 | ---- | C] () -- C:\Users\michael\AppData\Roaming\wklnhst.dat [2009.06.27 19:39:38 | 000,233,984 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\.oit [2012.04.19 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\1&1 Mail & Media GmbH [2011.10.18 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Ashampoo [2011.05.16 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Auslogics [2012.05.15 17:35:48 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2013.11.23 02:02:20 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\DVDVideoSoft [2010.08.11 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\EPSON [2010.01.21 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FRITZ! [2010.07.18 10:48:44 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.02.13 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\GARMIN [2012.04.16 17:09:37 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\GMX [2013.11.11 01:31:16 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\gtk-2.0 [2012.09.20 19:45:49 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ICQ [2012.03.16 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ImgBurn [2011.04.03 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\LibreOffice [2009.10.03 09:21:03 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Lingoes [2010.06.02 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MuldeR [2013.02.27 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MusicNet [2010.12.29 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\NewSoft [2011.02.06 17:10:21 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Octoshape [2013.07.25 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\OpenOffice [2009.06.27 23:17:19 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\OpenOffice.org [2009.08.27 11:47:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Opera [2013.11.19 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Pixlromatic [2009.09.22 19:31:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ppstream [2013.08.19 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Samsung [2009.06.28 12:33:13 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Template [2009.07.20 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TomTom [2012.08.11 20:07:32 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Trillian [2013.11.23 01:50:22 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TuneUp Software [2012.04.16 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\WEB.DE ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 6 "ProviderFileName0" = unimdm.tsp -- [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderID4" = 5 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "LocalService" = nsilltdsvcSSDPSRVupnphostSCard [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = hidservUxSmsWdiSystemHostNetman [Binary data over 200 bytes] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "LocalServiceNoNetwork" = PLADPSBFEmpssvcehstart [binary data] "NetworkService" = CryptSvcDHCPTermServiceKtmRmDN [Binary data over 200 bytes] "termsvcs" = TermService [binary data] "WerSvcGroup" = wersvc [binary data] -- [2009.04.11 07:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation) "netsvcs" = AeLookupSvcwercplsupportThemesC [Binary data over 200 bytes] "swprv" = swprv [binary data] -- [2009.04.11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvLmHostswsc [Binary data over 200 bytes] "rpcss" = RpcSs [binary data] -- [2009.04.11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) "regsvc" = RemoteRegistry [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2006.11.02 10:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) "DcomLaunch" = PlugPlayDcomLaunch [binary data] "wdisvc" = WdiServiceHost [binary data] "sdrsvc" = sdrsvc [binary data] -- [2008.01.21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "secsvcs" = WinDefend [binary data] "bthsvcs" = BthServ [binary data] -- [2009.04.11 07:28:18 | 000,040,960 | ---- | M] (Microsoft Corporation) "getPlusHelper" = getPlusHelper [binary data] "LocalServiceAndNoImpersonation" = FontCache [binary data] "GPSvcGroup" = GPSvc [binary data] -- [2009.04.11 07:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\getPlusHelper] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /800 > [2012.04.19 13:56:56 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2012.04.19 13:56:56 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advpack.dll [2013.06.04 02:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2013.06.04 05:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2013.08.01 03:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll [2013.04.24 05:00:24 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2013.04.18 18:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll [2013.07.04 05:21:15 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll [2013.10.03 13:45:45 | 000,993,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.04.17 13:30:06 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll [2013.07.08 05:16:55 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2013.07.08 05:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.03.09 04:45:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll [2013.08.27 02:32:20 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.08.27 03:47:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.08.27 03:47:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.08.27 02:50:40 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.08.27 02:52:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.08.27 03:47:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.08.27 03:47:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.18 18:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll [2013.04.18 18:06:08 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DIFxAPI.dll [2012.11.02 11:18:17 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.08.27 02:28:36 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2012.04.19 13:56:59 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2012.04.19 13:57:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2011.10.14 17:02:19 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll [2013.08.27 02:28:35 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll [2013.10.11 03:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL [2013.10.03 13:45:50 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll [2012.08.21 13:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll [2013.06.15 14:22:11 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icaapi.dll [2012.04.19 13:56:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2012.04.19 13:56:55 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2012.04.19 13:56:55 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2012.04.19 13:56:56 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2012.04.19 13:56:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2012.04.19 13:56:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2012.04.19 13:56:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.10.13 11:08:04 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.04.19 13:56:56 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2012.04.19 13:56:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.10.13 10:27:40 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.04.19 13:56:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2012.04.19 13:57:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.10.13 10:20:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.10.11 03:08:02 | 000,444,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL [2012.02.29 16:09:53 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2012.04.19 13:56:56 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2012.04.19 13:56:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll [2013.10.13 10:30:20 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.10.13 10:48:06 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.10.13 10:32:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.09.28 17:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.04.19 13:56:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.11 16:57:00 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll [2011.11.16 17:21:57 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll [2013.04.18 18:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll [2013.04.18 18:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll [2013.04.18 18:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll [2013.04.18 18:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll [2013.04.18 18:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll [2011.10.14 17:00:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mciseq.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll [2013.04.18 18:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll [2013.10.13 10:27:43 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.04.19 13:56:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.04.18 18:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll [2013.10.13 11:42:12 | 012,344,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.10.13 10:26:08 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.04.19 13:57:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.04.19 13:57:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.04.18 18:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll [2012.05.05 11:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSMPIDE.DLL [2012.04.19 13:57:01 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.03.08 04:52:22 | 002,067,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2013.11.20 20:57:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp71.dll [2012.08.16 14:12:06 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100.dll [2011.12.14 17:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.05 17:47:27 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.02 11:19:34 | 001,400,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2013.04.18 18:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll [2013.04.18 18:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll [2013.04.18 18:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll [2013.04.18 18:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll [2012.11.20 05:22:50 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.06.29 17:01:42 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2013.07.09 13:10:36 | 001,205,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2012.12.29 11:26:54 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll [2012.07.03 16:25:20 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapo32v.dll [2012.12.29 11:26:54 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll [2012.12.29 09:26:22 | 004,129,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcpl.dll [2012.12.29 11:26:54 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll [2012.12.29 11:26:54 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll [2012.12.29 11:26:54 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll [2012.12.29 11:26:54 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll [2012.12.29 11:26:54 | 001,017,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispco32.dll [2012.12.29 11:26:54 | 000,889,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispgenco32.dll [2012.05.15 11:26:00 | 000,883,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvgenco32.dll [2012.07.03 08:37:56 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvhdagenco3220103.dll [2012.07.03 16:25:21 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvhdap32.dll [2012.12.29 09:25:57 | 000,108,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvmctray.dll [2012.12.29 11:26:54 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll [2012.12.29 11:26:54 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvopencl.dll [2012.12.29 09:25:57 | 000,062,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvshext.dll [2012.12.29 09:26:22 | 003,001,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvc.dll [2012.12.29 09:25:57 | 002,557,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvcr.dll [2012.12.29 11:26:54 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll [2012.04.19 13:56:57 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2012.05.15 11:26:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll [2011.11.18 18:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2013.04.09 15:13:52 | 000,095,416 | ---- | M] (pdfforge GmbH) -- C:\Windows\system32\pdfcmon.dll [2013.11.20 20:57:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\system32\pncrt.dll [2013.11.20 20:57:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\pndx5016.dll [2013.11.20 20:57:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\pndx5032.dll [2012.04.19 13:56:57 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2013.07.20 11:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll [2013.05.02 05:03:42 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\printcom.dll [2011.10.25 16:58:54 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2013.06.01 05:06:08 | 000,505,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2012.11.08 04:48:38 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2012.01.09 16:54:08 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpencom.dll [2013.04.18 18:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll [2013.11.20 20:58:11 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\system32\rmoc3260.dll [2013.07.10 10:47:00 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll [2012.06.02 01:04:25 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2011.11.16 17:23:08 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.11.22 04:54:36 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shlwapi.dll [2013.04.24 10:58:56 | 000,362,029 | ---- | M] () -- C:\Windows\system32\sqlite3.dll [2012.09.25 17:19:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.07.16 05:35:16 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\themeui.dll [2013.07.17 20:41:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.10.13 10:33:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.10.13 10:37:03 | 001,104,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.10.13 10:29:02 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2013.04.03 08:58:16 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01007.dll [2012.07.26 03:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll [2012.04.19 13:56:58 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2013.05.02 05:04:25 | 000,443,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.11.18 14:14:06 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winhttp.dll [2013.10.13 10:35:38 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2011.10.14 17:03:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winmm.dll [2013.03.08 04:53:50 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2013.07.08 05:20:04 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2013.04.03 08:58:16 | 000,581,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller.dll [2012.02.29 16:11:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2013.08.02 05:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2012.06.02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2012.06.02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.07.26 04:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll [2012.07.26 04:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll [2012.07.26 04:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll [2012.07.26 04:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll [2012.06.02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2012.06.02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2012.06.02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2012.06.02 14:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.06.30 20:30:27 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2009.06.30 20:30:28 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job [2010.02.09 16:23:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.02.09 16:23:58 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.03.20 07:32:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.08.22 23:05:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000Core.job [2013.08.22 23:05:56 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472820592-3686497848-1455512980-1000UA.job < > < End of report > |
|
29.11.2013, 08:27
| #22 |
| /// the machine /// TB-Ausbilder | Malwarebytes Anti-Malware Scan findet zwei Viren also der Fix lief tadellos durch, alle Malware ist weg. Er scheint sich nur bei dem Emptytemp Befehl aufgehängt zu haben. Der löscht eigentlich nur die temporären Dateien. Mach bitte mal auf ein Dokument nen Rechtsklick > Eigenschaften, und davon nen Screenshot. Und bitte eines dieser Dokumente mal zippen und anhängen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.11.2013, 10:10
| #23 |
| | Malwarebytes Anti-Malware Scan findet zwei Viren Teil 1... 4 Screenshot's das Dokument ist im Original nicht mehr vorhanden & verschwunden das letzte Screenshot taucht seit dem 1ten gescheiterten OTL Scan immer wieder auf... |
|
29.11.2013, 10:15
| #24 |
| | Malwarebytes Anti-Malware Scan findet zwei Viren Teil 2 4 Screenshots eines anderen Dokument wie bei den anderen Dokumenten ist das Original nicht mehr vorhanden |
|
30.11.2013, 13:55
| #25 |
| /// the machine /// TB-Ausbilder | Malwarebytes Anti-Malware Scan findet zwei Viren Irgendwie scnall ich gar nicht was OTL da gemacht haben soll. Ich frag mal ein paar Kollegen. Etwas Geduld bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.12.2013, 11:19
| #26 |
| /// the machine /// TB-Ausbilder | Malwarebytes Anti-Malware Scan findet zwei Viren Hi, sorry für die Verspätung. Versuch bitte mal ne Systemwiederherstellung auf vor den ersten Fix mit OTL.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Malwarebytes Anti-Malware Scan findet zwei Viren |
| anti-malware, durchgeführt, firefox, gefunde, heutige, langsam, laufe, laufend, malwarebytes, malwarebytes anti-malware, mozilla, mozilla firefox, pup.optional.ibryte, pup.optional.inbox, pup.optional.installcore, pup.optional.opencandy, pup.optional.sweetim, scan, viren, vista |
Linear-Darstellung
