| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Webseiten werden auf Werbung umgeleitet.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.04.2014, 19:53
| #1 |
| |  Windows 7: Webseiten werden auf Werbung umgeleitet. Hi, habe das Problem das mein firefox manchmal zuerst eine Werbeseite aufruft und nach jedem neustart adblock von meinem firefox entfernt wird. Das Problem hierfür ist wohl Adware/Crossrider.A.507 den mein antivir zwar finden aber nicht komplett löschen kann. Zusätzlich habe ich wohl ein paar andere unerwünschte Programme die ich allerdings auch nicht los werde und keine Ahnung habe was sie machen zumindest blockt mein malewarebytes ab und an eine website die ich nicht aufgerufen habe. hoffe ihr könnt mir helfen. Grüße Martin Hier noch meine log files. Anhang 66505 Anhang 66506 Anhang 66508 Anhang 66510 |
|
25.04.2014, 21:10
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Webseiten werden auf Werbung umgeleitet. Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
25.04.2014, 22:50
| #3 |
| | Windows 7: Webseiten werden auf Werbung umgeleitet.Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 01
Ran by Martin at 2014-04-25 20:04:24
Running from C:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
aiofw (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
aioocr (x32 Version: 1.00.0000 - kodak) Hidden
aioprnt (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKCU\...\SOE-C:/Users/Martin/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
ATI Catalyst Install Manager (HKLM\...\{8019A54F-530F-84C2-24DD-1C9F53257F7C}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield Heroes (Martin) (HKCU\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM-x32\...\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}) (Version: 1.0.10.0 - DeviceVM Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
center (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
concept/design onlineTV 6 (HKLM-x32\...\{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1) (Version: onlineTV 6 - concept/design GmbH)
Counter-Strike 1.6 V40 (HKLM-x32\...\Counter-Strike 1.6 V40) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: - )
Curse Client (HKCU\...\090215de958f1060) (Version: 4.0.1.286 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version: - Microsoft)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.5.17.9 - DeviceVM, Inc.)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.9.40.602 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPU Caps Viewer v1.4.2 (HKLM-x32\...\GPU Caps Viewer_is1) (Version: - oZone3D.Net)
Hamachi 1.0.1.5 (HKLM-x32\...\Hamachi) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Help_CTR (x32 Version: 2.01.0000.000 - Eastman Kodak Company) Hidden
helptut (x32 Version: 2.00.0000.0000 - kodak) Hidden
helpug (x32 Version: 2.01.0000.0000 - kodak) Hidden
HGST Align Tool (HKLM-x32\...\{DD432BE5-28CD-413E-875F-1B04550ED306}) (Version: 2.0.154 - Acronis)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Iminent (x32 Version: 6.46.1.0 - Iminent) Hidden <==== ATTENTION
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 20 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 23 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
KODAK All-in-One-Druckersoftware (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
ksdip (x32 Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MorphVOX Pro (HKLM-x32\...\{6D938EC0-26C8-4926-B082-64BABE34EB84}) (Version: 4.3.19 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
netbrdg (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.2.6.475 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26246 - Grinding Gear Games)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Power Sound Editor Free (HKLM-x32\...\Power Sound Editor Free) (Version: - PowerSE Studio Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Protegere (HKLM-x32\...\Protegere) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QIP 2010 10.10.12.4240 (HKCU\...\QIP 2010) (Version: 10.10.12.4240 - )
QIP Internet Guardian (HKCU\...\QipGuard) (Version: - )
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.12 - dnSoft Research Group)
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version: - RAR Password Unlocker, Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.23 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Sandboxie 3.48 (64-bit) (HKLM\...\Sandboxie) (Version: - )
SFR (x32 Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Sound Blaster Play! (HKLM-x32\...\{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}) (Version: 1.1 - )
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
SpyHunter (HKLM\...\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}) (Version: 4.11.10.4138 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StationRipper 2.98.2 (HKCU\...\StationRipper) (Version: 2.98.2 - Ratajik Software)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SX Virtual Link (HKLM\...\SX Virtual Link) (Version: 2.2.0 - silex technology, Inc.)
System.Data.SQLite v1.0.74.0 (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.74.0 - System.Data.SQLite Team)
TeamPlayerLITE (HKLM-x32\...\{AB262B3B-3D7C-4252-88EA-16E359202365}_is1) (Version: v2.5 - WunderWorks)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version: - Nadeo)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.20 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unigine Heaven Benchmark v2.1 (HKLM-x32\...\{38468127-9E6F-4FC9-B5F7-42D4AD437D96}) (Version: 2.1 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Veetle TV 0.9.17 (HKLM-x32\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VKMusic 4 (HKLM-x32\...\VKMusic 4_is1) (Version: - )
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
William Hill Poker (HKCU\...\William Hill Poker) (Version: - )
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.7.7 - Shark007)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version: - )
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)
Word Reader 5.4 (HKLM-x32\...\Word Reader 5.4) (Version: - hxxp://www.word-reader.com/)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
X-NetStat Pro 5.59 (HKLM-x32\...\X-NetStat Pro) (Version: 5.59 - Fresh Software)
YTD Video Downloader 3.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - GreenTree Applications SRL)
==================== Restore Points =========================
23-04-2014 01:19:50 Windows Update
24-04-2014 13:54:22 Installed osu!
==================== Hosts content: ==========================
2009-07-14 04:34 - 2011-09-21 14:42 - 00000950 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 mp02.maniaplanet.com
127.0.0.1 mp01.maniaplanet.com
127.0.0.1 mp03.maniaplanet.com
127.0.0.1 game.maniaplanet.com
==================== Scheduled Tasks (whitelisted) =============
Task: {010D7A89-E101-461F-8C70-EF540C30B983} - System32\Tasks\{FB8EA66E-ED8D-45AD-AB21-9C643F703307} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {12DE61B0-2209-4588-B552-D5219EFCFA98} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1ADF5663-E05A-43D1-BC68-5B5CED2AEFF8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B777F26-C005-4300-8359-E7D0BE967350} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2012-10-10] (Enigma Software Group USA, LLC.)
Task: {3723DF38-63D0-4262-8052-DFFCF4EEBBE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {784C8773-8F92-4600-9188-969185BFB8BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {86018B28-2CB6-404F-A6B6-B2BB0D2285FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {B0BC92F7-18A5-4006-B559-64DEB6190EE4} - \Lyrics-Pal Update No Task File <==== ATTENTION
Task: {DA61FD1D-9973-44EA-A2B3-594DBB006D28} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {EC325C81-0468-4FB3-A8B3-B670DA0FD661} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-04-02] (ASUSTeK Computer Inc.)
Task: {F96FC6FB-2EFD-460F-9B63-799B3C1082FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Deskjet 3050A J611 series.exe_{C57CAAC8-E585-41BB-B398-9888A80E2599}.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe
Task: C:\Windows\Tasks\Toolbox.exe_{606C1327-B5C1-4E89-B0B0-70DA20BD40CF}.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\Toolbox.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2010-03-22 11:59 - 2010-03-22 11:59 - 00029696 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qgif4.dll
2010-03-22 11:59 - 2010-03-22 11:59 - 00155648 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-10-31 23:36 - 2013-10-31 23:36 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2013-08-11 20:51 - 2013-08-07 11:38 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-08-24 01:18 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2010-08-24 01:18 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-24 01:18 - 2009-06-24 08:47 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2014-03-20 13:16 - 2014-04-22 00:55 - 00340480 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\libavresample-1.dll
2014-04-23 16:08 - 2014-04-22 00:55 - 00471552 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\libavutil-53.dll
2014-03-20 13:16 - 2014-04-01 00:09 - 00754688 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\SDL2.dll
2014-03-20 13:16 - 2014-04-22 01:42 - 01135808 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\chromehtml.DLL
2014-03-20 13:16 - 2014-03-03 21:15 - 20626624 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\libcef.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 01100800 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avcodec-53.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 00124416 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avutil-51.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 00192000 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avformat-53.dll
2014-03-12 12:45 - 2014-03-12 12:45 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-11 00:44 - 2014-02-11 00:44 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Martin:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Martin\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Martin\Cookies:gs5sys
AlternateDataStreams: C:\Users\Martin\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Martin\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Martin\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Martin\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: DvmMDES => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KodakSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TunngleService => 2
MSCONFIG\Services: Update ResultsAlpha => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk => C:\Windows\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Infium => "C:\Program Files\QIP 2010\qip.exe" /autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Martin\AppData\Roaming\QipGuard\QipGuard.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Users\Martin\Desktop\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Six Engine => "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpgradeHelper => C:\Users\Martin\AppData\Roaming\vlc\{F9D4713E-ED27-444D-B9A0-304AEC284D25}\UpgradeHelper.exe
MSCONFIG\startupreg: Userinit => C:\Users\Administrator\AppData\Roaming\appConf32.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe" /r
==================== Faulty Device Manager Devices =============
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2014 05:53:01 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100077e2
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (04/25/2014 05:52:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100be510
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (04/22/2014 05:40:25 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (04/22/2014 02:42:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (04/16/2014 00:10:34 PM) (Source: Application Hang) (User: )
Description: Programm Steam.exe, Version 2.13.4.49 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1fbc
Startzeit: 01cf5925a8153326
Endzeit: 879
Anwendungspfad: C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe
Berichts-ID: 3e9d1993-c54f-11e3-92ab-485b39cb382a
Error: (04/15/2014 08:40:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x52f977fe
Name des fehlerhaften Moduls: d3d9.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce7b7b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5bb86b34
ID des fehlerhaften Prozesses: 0x1424
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (04/13/2014 06:02:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x52f977fe
Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000113a8
ID des fehlerhaften Prozesses: 0x1e64
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (04/06/2014 08:44:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DlProtectSvc.exe, Version: 0.0.0.0, Zeitstempel: 0x529d89c6
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000d89e
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xDlProtectSvc.exe0
Pfad der fehlerhaften Anwendung: DlProtectSvc.exe1
Pfad des fehlerhaften Moduls: DlProtectSvc.exe2
Berichtskennung: DlProtectSvc.exe3
System errors:
=============
Error: (04/24/2014 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2014 10:19:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2014 08:48:50 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 24.04.2014 um 20:47:46 unerwartet heruntergefahren.
Error: (04/23/2014 07:44:19 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/23/2014 07:44:14 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/22/2014 10:48:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (04/22/2014 06:05:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/22/2014 06:05:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "KMService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/22/2014 06:05:10 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/22/2014 06:05:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (04/25/2014 05:53:01 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e2a0801cf5fede7c43f6eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll186b1ee5-cc2d-11e3-942c-485b39cb382a
Error: (04/25/2014 05:52:52 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be510a0801cf5fede7c43f6eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll12d3005d-cc2d-11e3-942c-485b39cb382a
Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (04/22/2014 05:40:25 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (04/22/2014 02:42:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Martin\Downloads\SoftonicDownloader_fuer_power-sound-editor.exe
Error: (04/16/2014 00:10:34 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.13.4.491fbc01cf5925a8153326879C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe3e9d1993-c54f-11e3-92ab-485b39cb382a
Error: (04/15/2014 08:40:04 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.052f977fed3d9.dll_unloaded0.0.0.04ce7b7b3c00000055bb86b34142401cf58d2d378a555C:\Users\Martin\Desktop\Spiele\Metro2033\steamapps\common\Counter-Strike Global Offensive\csgo.exed3d9.dll5b2862e3-c4cd-11e3-92ab-485b39cb382a
Error: (04/13/2014 06:02:02 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.052f977fekernel32.dll6.1.7601.1822951fb1115c0000005000113a81e6401cf572387fa8703C:\Users\Martin\Desktop\Spiele\Metro2033\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Windows\syswow64\kernel32.dllf2c1c46b-c324-11e3-92ab-485b39cb382a
Error: (04/06/2014 08:44:24 PM) (Source: Application Error)(User: )
Description: DlProtectSvc.exe0.0.0.0529d89c6ole32.dll6.1.7601.175144ce7c92cc0000005000000000000d89e74401cf4d30f30eb226C:\Windows\System32\DlProtectSvc.exeC:\Windows\system32\ole32.dll78adfb1f-bdbb-11e3-aa48-485b39cb382a
CodeIntegrity Errors:
===================================
Date: 2010-08-24 19:23:45.222
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Martin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-08-24 19:23:45.218
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Martin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-08-24 19:23:44.789
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-08-24 19:23:44.785
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3326.18 MB
Available physical RAM: 1479.47 MB
Total Pagefile: 6650.54 MB
Available Pagefile: 3517.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:80.82 GB) NTFS
Drive d: (HP DJ3050A_J611) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A632BB87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 01 Ran by Martin (administrator) on LARTINN-PC on 25-04-2014 20:03:35 Running from C:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Windows\DAODx.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Valve Corporation) C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\javaw.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9919104 2010-04-07] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-12] (Razer Inc.) HKLM-x32\...\Runonce: [TURBO_BOOST_SETTING] - [X] HKLM-x32\...\runonceex: [] - HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\setup.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {497776b3-ee23-11e2-a925-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {497776b4-ee23-11e2-a925-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {92533a2d-6492-11e1-875b-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {e0d7eb90-245f-11e2-9479-485b39cb382a} - G:\pushinst.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\setup.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {497776b3-ee23-11e2-a925-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {497776b4-ee23-11e2-a925-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {92533a2d-6492-11e1-875b-485b39cb382a} - 1 HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e0d7eb90-245f-11e2-9479-485b39cb382a} - G:\pushinst.exe HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-12] () HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe [1826496 2014-04-22] (Valve Corporation) HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [UpgradeHelper] => C:\Users\Administrator\AppData\Roaming\vlc\{F9D4713E-ED27-444D-B9A0-304AEC284D25}\UpgradeHelper.exe HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\SETUP.EXE HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\CTRun\Start.EXE HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA2A121A5A148CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.) URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - Yandex URL = hxxp://yandex.ru/yandsearch?clid=48578&text={searchTerms} SearchScopes: HKLM-x32 - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKCU - DefaultScope {4DFF49FF-10AA-4058-B6E2-17C512E682A3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKCU - Moikrug URL = hxxp://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1 SearchScopes: HKCU - Yandex URL = hxxp://yandex.ru/yandsearch?clid=48578&text={searchTerms} SearchScopes: HKCU - {4DFF49FF-10AA-4058-B6E2-17C512E682A3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKCU - {C0683A28-5232-428c-A305-CCCB8DCCEF32} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: QipLI Class - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\user.js FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll ( ) FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\searchplugins\web-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Heroes Updater - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\battlefieldheroespatcher@ea.com [2014-04-14] FF Extension: TVU Web Player - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\firefox@tvunetworks.com [2010-09-25] FF Extension: vShare Plugin - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\vshare@toolbar [2010-09-25] FF Extension: DVDVideoSoft Menu - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-06-26] FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22] FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-12] FF HKLM-x32\...\Firefox\Extensions: [{1716C58A-4AA1-42A6-A460-28084167C07C}] - C:\Windows\Installer\{A01AC19F-949C-42CB-97CE-6EF5D517FD1B}\{1716C58A-4AA1-42A6-A460-28084167C07C}.xpi FF Extension: Download Protect - C:\Windows\Installer\{A01AC19F-949C-42CB-97CE-6EF5D517FD1B}\{1716C58A-4AA1-42A6-A460-28084167C07C}.xpi [2014-04-22] FF HKCU\...\Firefox\Extensions: [{33044118-6597-4D2F-ABEA-7974BB185379}] - C:\Users\Martin\AppData\Roaming\01001.096 FF Extension: Java Link Helper - C:\Users\Martin\AppData\Roaming\01001.096 [2012-10-30] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30] CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30] CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30] CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30] CHR Extension: (No Name) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-03-15] CHR Extension: (AdBlock) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-30] CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-30] CHR Extension: (Download Protect) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idcjijfnpneodhefkkmbjhplpeegjolk [2014-03-18] CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.) S2 dialer64; C:\Windows\system32\dot3hc64.exe [118784 2014-03-15] () S4 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () S4 KodakSvc; C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe [18944 2008-02-15] (Eastman Kodak Company) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3819912 2010-06-06] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-04-14] () S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-08-09] (SANDBOXIE L.T.D) S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1021888 2012-10-10] (Enigma Software Group USA, LLC.) S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-09-02] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-09-02] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 OAfilt; C:\Windows\System32\drivers\OAfilt.sys [23552 2011-07-15] (Creative Technology Ltd.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [143464 2010-08-09] (SANDBOXIE L.T.D) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-24] () R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [77608 2007-05-18] (silex technology, Inc.) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U3 aj8vws8x; C:\Windows\System32\Drivers\aj8vws8x.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-25 20:03 - 2014-04-25 20:03 - 00000000 ____D () C:\FRST 2014-04-24 15:56 - 2014-04-24 15:56 - 00000845 _____ () C:\Users\Public\Desktop\osu!.lnk 2014-04-24 15:56 - 2014-04-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-04-24 15:55 - 2014-04-24 21:06 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-04-22 21:47 - 2014-04-25 19:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 21:46 - 2014-04-22 21:46 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-22 21:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-22 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-22 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-22 17:08 - 2014-04-22 17:13 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wise Registry Cleaner 2014-04-22 17:08 - 2014-04-22 17:08 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-04-14 05:08 - 2014-04-14 05:14 - 00000000 ____D () C:\Users\Martin\Documents\Battlefield Heroes 2014-04-14 05:07 - 2014-04-14 05:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-04-14 05:03 - 2014-04-14 05:03 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-04-13 19:29 - 2014-04-13 19:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-04-13 19:29 - 2014-04-13 19:29 - 00001117 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-04-13 19:29 - 2014-04-13 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-04-09 04:44 - 2014-04-09 04:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\Program Files\Speccy 2014-04-09 04:43 - 2014-04-09 04:43 - 04845384 _____ (Piriform Ltd) C:\Users\Martin\Downloads\spsetup125.exe 2014-04-01 12:48 - 2014-04-01 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job 2014-03-30 21:34 - 2014-03-30 21:34 - 00001207 _____ () C:\Users\Martin\Desktop\The Elder Scrolls Online.lnk 2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Windows\jre 2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online 2014-03-30 21:33 - 2014-03-30 21:35 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online 2014-03-30 21:33 - 2014-03-30 21:34 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry 2014-03-30 21:33 - 2014-03-30 21:33 - 00000000 ___HD () C:\Users\Martin\InstallAnywhere 2014-03-27 18:53 - 2014-03-27 18:53 - 00000234 _____ () C:\Users\Martin\Desktop\PlanetSide 2.url 2014-03-26 15:44 - 2014-04-22 17:53 - 00000306 __RSH () C:\ProgramData\ntuser.pol ==================== One Month Modified Files and Folders ======= 2014-04-25 20:03 - 2014-04-25 20:03 - 00000000 ____D () C:\FRST 2014-04-25 19:51 - 2014-04-22 21:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-25 19:48 - 2013-05-30 19:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-25 19:38 - 2013-02-07 21:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-25 16:39 - 2010-08-24 01:05 - 01066899 _____ () C:\Windows\WindowsUpdate.log 2014-04-25 16:02 - 2013-08-17 16:21 - 00085363 _____ () C:\Windows\setupact.log 2014-04-25 16:02 - 2010-08-27 17:55 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TS3Client 2014-04-25 05:53 - 2010-08-24 05:21 - 00000000 ____D () C:\Users\Martin\AppData\Local\CrashDumps 2014-04-24 21:06 - 2014-04-24 15:55 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-04-24 20:58 - 2009-07-14 06:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-24 20:58 - 2009-07-14 06:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-24 20:55 - 2009-07-14 19:58 - 00702342 _____ () C:\Windows\system32\perfh007.dat 2014-04-24 20:55 - 2009-07-14 19:58 - 00150714 _____ () C:\Windows\system32\perfc007.dat 2014-04-24 20:55 - 2009-07-14 07:13 - 01629180 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-24 20:48 - 2010-08-24 01:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-24 20:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-24 15:56 - 2014-04-24 15:56 - 00000845 _____ () C:\Users\Public\Desktop\osu!.lnk 2014-04-24 15:56 - 2014-04-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-04-23 03:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-22 22:22 - 2013-08-17 16:21 - 00222542 _____ () C:\Windows\PFRO.log 2014-04-22 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization 2014-04-22 22:19 - 2013-12-17 06:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Iminent 2014-04-22 22:19 - 2013-12-17 06:44 - 00000000 ____D () C:\ProgramData\Iminent 2014-04-22 22:19 - 2012-07-13 18:30 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter 2014-04-22 22:19 - 2011-06-26 16:41 - 00000000 ____D () C:\ProgramData\YouTube Downloader 2014-04-22 21:46 - 2014-04-22 21:46 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-22 17:53 - 2014-03-26 15:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-22 17:41 - 2013-02-07 21:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-22 17:41 - 2009-07-14 06:45 - 00444608 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-22 17:20 - 2010-08-24 03:52 - 00110512 _____ () C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-22 17:13 - 2014-04-22 17:08 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wise Registry Cleaner 2014-04-22 17:08 - 2014-04-22 17:08 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-04-22 17:01 - 2010-08-24 19:55 - 00000000 ____D () C:\Windows\pss 2014-04-16 05:34 - 2014-03-15 09:23 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\BupSystem 2014-04-14 05:14 - 2014-04-14 05:08 - 00000000 ____D () C:\Users\Martin\Documents\Battlefield Heroes 2014-04-14 05:09 - 2011-05-23 00:11 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-04-14 05:09 - 2011-03-26 23:28 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-04-14 05:07 - 2014-04-14 05:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-04-14 05:07 - 2011-03-26 23:28 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-04-14 05:07 - 2011-03-26 23:28 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-04-14 05:03 - 2014-04-14 05:03 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-04-13 19:46 - 2014-01-15 11:28 - 00000000 ____D () C:\Users\Martin\AppData\Local\Battle.net 2014-04-13 19:30 - 2014-04-13 19:29 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-04-13 19:29 - 2014-04-13 19:29 - 00001117 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-04-13 19:29 - 2014-04-13 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-04-13 19:28 - 2014-01-15 11:27 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-10 16:40 - 2011-10-05 19:04 - 00000000 ____D () C:\Users\Martin\Downloads\Music2 2014-04-10 07:18 - 2013-05-30 19:33 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-09 04:44 - 2014-04-09 04:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\Program Files\Speccy 2014-04-09 04:44 - 2010-10-07 09:26 - 00000000 ____D () C:\Users\Administrator 2014-04-09 04:43 - 2014-04-09 04:43 - 04845384 _____ (Piriform Ltd) C:\Users\Martin\Downloads\spsetup125.exe 2014-04-07 20:57 - 2014-02-07 17:51 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Awesomium 2014-04-03 09:51 - 2014-04-22 21:46 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-22 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-22 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-01 12:48 - 2014-04-01 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job 2014-03-31 09:35 - 2013-08-08 06:00 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-30 22:52 - 2014-02-07 17:47 - 00000000 ____D () C:\Users\Martin\Documents\Elder Scrolls Online 2014-03-30 22:52 - 2014-02-07 17:47 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-03-30 21:35 - 2014-03-30 21:33 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online 2014-03-30 21:34 - 2014-03-30 21:34 - 00001207 _____ () C:\Users\Martin\Desktop\The Elder Scrolls Online.lnk 2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Windows\jre 2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online 2014-03-30 21:34 - 2014-03-30 21:33 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry 2014-03-30 21:34 - 2010-08-24 01:05 - 00000000 ____D () C:\Users\Martin 2014-03-30 21:33 - 2014-03-30 21:33 - 00000000 ___HD () C:\Users\Martin\InstallAnywhere 2014-03-28 01:02 - 2013-10-18 04:39 - 00089076 _____ () C:\Windows\DirectX.log 2014-03-27 18:56 - 2010-08-24 03:46 - 00000000 ____D () C:\Users\Martin\Desktop\Spiele 2014-03-27 18:53 - 2014-03-27 18:53 - 00000234 _____ () C:\Users\Martin\Desktop\PlanetSide 2.url 2014-03-27 18:53 - 2012-08-04 12:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-03-26 15:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy Files to move or delete: ==================== C:\Users\Martin\AppData\Roaming\cache.ini C:\ProgramData\dlprotect.exe C:\Users\Martin\jagex_cl_runescape_LIVE.dat C:\Users\Martin\jagex_cl_runescape_LIVE1.dat C:\Users\Martin\jagex_runescape_preferences.dat C:\Users\Martin\jagex_runescape_preferences2.dat C:\Users\Martin\random.dat Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe C:\Users\Martin\AppData\Local\Temp\avgnt.exe C:\Users\Martin\AppData\Local\Temp\CTPBSeq.exe C:\Users\Martin\AppData\Local\Temp\ose00000.exe C:\Users\Martin\AppData\Local\Temp\ose00001.exe C:\Users\Martin\AppData\Local\Temp\rootsupd.exe C:\Users\Martin\AppData\Local\Temp\Wise_SETUP.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-23 03:22 ==================== End Of Log ============================ --- --- --- |
|
25.04.2014, 22:53
| #4 |
| | Windows 7: Webseiten werden auf Werbung umgeleitet.Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.04.2014 Scan Time: 22:15:25 Logfile: maleware.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.22.05 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Martin Scan Type: Threat Scan Result: Completed Objects Scanned: 294858 Time Elapsed: 27 min, 14 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 1 RiskWare.Tool.CK, C:\Windows\KMService.exe, 1812, Delete-on-Reboot, [67f6cc610f6cf93dab3094126e937b85] Modules: 0 (No malicious items detected) Registry Keys: 148 Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DlProtectSvc, Quarantined, [6af3111cf18aa59174960d4b45bcae52], Adware.Agent, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{132401a7-2006-4342-b43c-ccf5f02c2b01}, Delete-on-Reboot, [6af3111cf18aa59174960d4b45bcae52], PUP.Optional.Iminent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SProtection, Quarantined, [5b027ab3d2a9a98d1eecf60d827fb24e], PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ResultsAlpha, Quarantined, [0f4e65c8cfacfd39c9ba311da160df21], PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ResultsAlpha, Quarantined, [5d00be6f55261224552e81cdbd449769], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [62fb71bcc7b4bb7b3463fb5215ed7c84], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [62fb71bcc7b4bb7b3463fb5215ed7c84], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\INPROCSERVER32, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}, Quarantined, [c79633fa8af18aac8a1178d50df50000], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand, Quarantined, [c79633fa8af18aac8a1178d50df50000], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand, Quarantined, [c79633fa8af18aac8a1178d50df50000], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], Trojan.Banker, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83}, Delete-on-Reboot, [b0ad1419cfac70c65ea246db50b236ca], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0af350d9-3916-454b-ac53-0b0b65f41301}, Quarantined, [025b939af08b37ffc0fcdc71b1511fe1], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [e37ab974433889ad49741e2fca38fd03], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [71eca786582393a34b73c98435cd2ad6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ResultsAlpha, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [2736cf5ecdaec274f626f48e4ab84eb2], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\iminent, Quarantined, [97c640ed90ebb38334695d4f5aa9f50b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.DownloadArgs, Quarantined, [f4692904215a181e0f49ccccbc47847c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.LinkToPromoteArgs, Quarantined, [213c2904d4a7c4721a3e395f26dd3bc5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.RawDataArgs, Quarantined, [8ad3d8552259f73fadab03956b986c94], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.TinyUrlArgs, Quarantined, [f568a08dcead9c9a292f9bfdab58b848], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.ViralLinkArgs, Quarantined, [a2bb2eff56250036f1670098739016ea], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ClientCallback, Quarantined, [233a61cc116a62d43e71bfd5768dea16], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ContractBase, Quarantined, [1d40ba73cbb0e94d228d0e86bd465fa1], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand, Quarantined, [3627c26b2c4fde58436ce9abfe05a15f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand, Quarantined, [8ecf37f6cbb0c571f7b8c9cb6f948b75], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand, Quarantined, [6cf183aa691269cdf7b87222bc47d12f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GameOverCallback, Quarantined, [4815b6771368ef47e7c8cdc70bf85aa6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetCreditCommand, Quarantined, [84d9a18c49328aac03ac3c58d1329967], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand, Quarantined, [045946e7c6b55cda7c33464e669dca36], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand, Quarantined, [38256fbe5922171fbff08d07a063b749], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult, Quarantined, [104dd8551a610036951a7d1771921be5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableCommand, Quarantined, [0c5153da6f0c9e98a00ff2a2c1427e82], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableResult, Quarantined, [2f2eda53daa1df57129d6d27ea192ed2], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.InstallationContextResult, Quarantined, [a4b91e0f46351b1be6c924703ac9a65a], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommand, Quarantined, [5eff99941f5cb581a50af99b659e946c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult, Quarantined, [4815f835f784ca6cc5ea3163f90ac23e], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginCommand, Quarantined, [322b3fee8cef51e548674f453ac9c63a], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback, Quarantined, [74e9a38a76054beb06a9f59f37ccc739], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LogoutCommand, Quarantined, [dc819499d0abdb5b901fa8ec34cfbb45], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand, Quarantined, [451871bcee8d24124c636232f70c5da3], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.MyAccountCommand, Quarantined, [bda09697f883b680d1dee4b0cf343cc4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.PlayContentCommand, Quarantined, [bf9efd30daa16cca05aa96fe46bd0af6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.PostContentCallback, Quarantined, [1a439d906714f04646694b49fc07be42], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand, Quarantined, [67f65ad35427c76fac037a1acd36bb45], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.SetVariableCommand, Quarantined, [3528fa33e09b1c1a614e4d47c1429b65], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand, Quarantined, [312c191445369c9af8b76c2807fc04fc], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand, Quarantined, [88d59f8e057691a59e1103919c67718f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.TestContentCommand, Quarantined, [9dc0e449116aad8927880c88cb381ce4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback, Quarantined, [3d2071bc7803c47298172f6540c3cd33], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback, Quarantined, [2c311e0f13684fe7a906286c6d968e72], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.WarmUpCommand, Quarantined, [b8a566c7d1aa8caa3e71742022e14fb1], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.WelcomeCommand, Quarantined, [a0bd56d72c4f96a000af623240c354ac], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ServerCommand, Quarantined, [96c71e0f3942ad89a40bd8bc9d6655ab], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ServerResult, Quarantined, [3f1e2b02a6d5eb4bbdf22c68897a4ab6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.LightContent, Quarantined, [db826cc1abd020168c233460887bd828], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.LightUri, Quarantined, [114c83aa17640531e4cb702449ba27d9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.MediatorServiceProxy, Quarantined, [45189a93e3983303b7f89bf92ad98d73], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, Quarantined, [35288da0f18a1b1b3d1a425e39cad828], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\addplushd, Quarantined, [2e2fd05d08732b0bb2d6146019e97a86], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [bca1230aadceb482809c037fee1417e9], PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\ResultsAlpha, Quarantined, [3b22b77694e766d0c9b87036fe05d42c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iminent, Quarantined, [8cd130fd4b300b2b8a13e8c42dd6de22], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.DownloadArgs, Quarantined, [da83f8352556d462be9a1583bf44ea16], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.LinkToPromoteArgs, Quarantined, [cd90f33a0477fd391543d9bf7390c63a], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.RawDataArgs, Quarantined, [1e3fe8458dee66d0e4740494e71cd927], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.TinyUrlArgs, Quarantined, [0b5238f56e0dc86e094ffe9a5ea527d9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.ViralLinkArgs, Quarantined, [0f4e5cd182f9fd39f563a5f3d62d5ba5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ClientCallback, Quarantined, [ce8fe647accf66d0ae01a7edeb18619f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ContractBase, Quarantined, [6df0fb327ffcb284d9d6daba53b0ed13], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand, Quarantined, [adb026075d1e37ff4a65deb656adfc04], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand, Quarantined, [6fee3fee295247efd6d9f59f26ddcd33], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand, Quarantined, [5c01a68784f7181e8827ace830d35ca4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GameOverCallback, Quarantined, [1e3f78b5a4d77abc6f40039150b3a45c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetCreditCommand, Quarantined, [ed706ebf04775cda119e7f15689b0ef2], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand, Quarantined, [79e4ce5f55260234347b395b2ed5758b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand, Quarantined, [d18c65c88fec0630a9066331c83b14ec], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult, Quarantined, [f964bb72f4871d19cde2bfd5887b817f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableCommand, Quarantined, [09546fbe0a71c76f228d0d876f946d93], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableResult, Quarantined, [24397db05a21e452efc0fa9abe45bc44], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.InstallationContextResult, Quarantined, [124b9d90215a86b0931c3a5a6f942cd4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommand, Quarantined, [4a13012c621976c04d62e2b2b25146ba], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult, Quarantined, [035adb52651681b5c9e6d8bce320946c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginCommand, Quarantined, [67f62b02e695fb3bf7b8efa5ad56e41c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback, Quarantined, [2f2eb37a25563ef89a158a0aca3947b9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LogoutCommand, Quarantined, [0d5060cdcbb0a591a708326208fbc13f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand, Quarantined, [ca9389a4205b10265d52623257ac0bf5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.MyAccountCommand, Quarantined, [b8a5c06d1f5c87af9a1534607f84a65a], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.PlayContentCommand, Quarantined, [1548ad800378de581e91890b56ada55b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.PostContentCallback, Quarantined, [382557d6d2a956e04b64c5cfee154fb1], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand, Quarantined, [5c019796a3d83df9d3dc247061a20ff1], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.SetVariableCommand, Quarantined, [90cd4de03e3d9f9727885044c1422bd5], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand, Quarantined, [67f6d5587308d36337786d27996a9b65], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand, Quarantined, [0d501c11087339fd6f400d8743c0f709], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.TestContentCommand, Quarantined, [c39a4fde4833ae8809a6692bed16b050], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback, Quarantined, [97c670bdb8c3ab8bebc4316350b356aa], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback, Quarantined, [025ba08d4734fa3c3976bcd8b84bae52], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.WarmUpCommand, Quarantined, [fb625fce3b40bd791897f59f62a1fb05], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.WelcomeCommand, Quarantined, [de7ff8358cefaa8c307f91039d6611ef], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ServerCommand, Quarantined, [94c934f90f6ccf67fab51f7534cfc53b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ServerResult, Quarantined, [322bf637f7840135238c1c78d52e1ae6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.LightContent, Quarantined, [6eef78b59ddec472713e603446bdff01], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.LightUri, Quarantined, [1e3f4ae31962e650149b108401028b75], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.MediatorServiceProxy, Quarantined, [9ac3d05dfa81c373317e5242768d718f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, Quarantined, [4a13bf6eb9c26cca93c4247ceb188c74], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [e57871bcfc7fae888dadaec628da8c74], PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA, Quarantined, [8ecf29047efddc5ac6295246e61d7f81], PUP.Optional.Iminent.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Delete-on-Reboot, [06572805c8b35bdb21fc651d8181659b], PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlpha, Delete-on-Reboot, [b5a8a6877efd6cca9ae802a4d330b44c], PUP.Optional.AddPusHD.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, Delete-on-Reboot, [3e1f80ad9cdfc175f592baba61a1ed13], PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Delete-on-Reboot, [d786c469502b112574755e4d8182946c], PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Delete-on-Reboot, [70ed48e52457e45295a6680c689a06fa], PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\hdideo, Delete-on-Reboot, [a9b4e647790220162069d3a1ee14ec14], PUP.Optional.Softonic.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [c49931fcfe7d3ef83816c1ae12f060a0], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522292216}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522292216}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\addplushd, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], Registry Values: 2 PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA|MUpdBlock, { "MASSUPDATE" : { "CHROME_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "FIREFOX_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "IEXPLORE_BHO" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 4 } } } , Quarantined, [8ecf29047efddc5ac6295246e61d7f81] PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPROTECTION|ImagePath, C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe, Quarantined, [124b80adf78430060f8e3064fc07c23e] Registry Data: 0 (No malicious items detected) Folders: 58 PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\de, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\en, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\es, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\fr, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\inst, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\inst\Bootstrapper, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\it, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\ro, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\tr, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent, Quarantined, [afae1f0e176441f504f1d0c661a2b749], PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], PUP.Optional.Iminent.A, C:\Users\Martin\AppData\Roaming\Iminent\Mediator, Quarantined, [431af934f78434023fe265fb43bfc13f], PUP.Optional.Iminent.A, C:\Users\Martin\AppData\Roaming\Iminent\Mediator\Datas, Quarantined, [431af934f78434023fe265fb43bfc13f], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\images, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\jquery, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\lib, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\adapters, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2\off, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2\on, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\bhp, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\emoji, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\ql, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\games, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\menu_page, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\services, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\de, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\en, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\es, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\fr, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\it, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\pt_BR, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\tr, Quarantined, [72eb5fce681385b1b3702240c73bdd23], PUP.Optional.AddPusHD.A, C:\Program Files (x86)\addplushd, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData\plugins, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData\userCode, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\icons, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\icons\actions, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\api, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\lib, Quarantined, [d4891815cdaed56170a122454ab802fe], PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\lib\popupResource, Quarantined, [d4891815cdaed56170a122454ab802fe], Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-25 20:33:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\pxdiafow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b9000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b902f 23 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88011f52d8c 12 bytes {MOV RAX, 0xfffffa8003f802a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe[2696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe[2696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
---- Devices - GMER 2.1 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80027a92c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80027a92c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80027a92c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80027a92c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80027a92c0
Device \Driver\aj8vws8x \Device\Scsi\aj8vws8x1 fffffa80041812c0
Device \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target1Lun0 fffffa80041812c0
Device \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target0Lun0 fffffa80041812c0
Device \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target3Lun0 fffffa80041812c0
Device \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target2Lun0 fffffa80041812c0
Device \FileSystem\Ntfs \Ntfs fffffa80027ad2c0
Device \Driver\usbohci \Device\USBPDO-5 fffffa80040982c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa800409a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C12C0FE1-CD7B-4E57-9E25-434124CB3406} fffffa8003d982c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa800409a2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8003dfb2c0
Device \Driver\cdrom \Device\CdRom1 fffffa8003dfb2c0
Device \Driver\cdrom \Device\CdRom2 fffffa8003dfb2c0
Device \Driver\cdrom \Device\CdRom3 fffffa8003dfb2c0
Device \Driver\cdrom \Device\CdRom4 fffffa8003dfb2c0
Device \Driver\usbehci \Device\USBPDO-6 fffffa800409a2c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa80040982c0
Device \Driver\usbohci \Device\USBPDO-2 fffffa80040982c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa80040982c0
Device \Driver\usbohci \Device\USBFDO-5 fffffa80040982c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa800409a2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa800409a2c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80027a52c0
Device \Driver\volmgr \Device\FtControl fffffa80027a52c0
Device \Driver\volmgr \Device\VolMgrControl fffffa80027a52c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80027a52c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{13987129-3E56-4378-A3C8-6CE5BCA1EB34} fffffa8003d982c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8003d982c0
Device \Driver\usbehci \Device\USBFDO-6 fffffa800409a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4DB66B84-5481-4440-81C7-C3EDA3C911B5} fffffa8003d982c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa80040982c0
Device \Driver\usbohci \Device\USBFDO-2 fffffa80040982c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa80040982c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80027a92c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80027a92c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80027a92c0
Device \Driver\atapi \Device\ScsiPort4 fffffa80027a92c0
Device \Driver\aj8vws8x \Device\ScsiPort5 fffffa80041812c0
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027a92c0]<< spye.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80027a92c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80037dd790] fffffa80037dd790
Trace 3 CLASSPNP.SYS[fffff88001a5743f] -> nt!IofCallDriver -> [0xfffffa8003759560] fffffa8003759560
Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800375b680] fffffa800375b680
Trace \Driver\atapi[0xfffffa8002888e70] -> IRP_MJ_CREATE -> 0xfffffa80027a92c0 fffffa80027a92c0
---- Modules - GMER 2.1 ----
Module \SystemRoot\System32\Drivers\aj8vws8x.SYS fffff88011285000-fffff880112ca000 (282624 bytes)
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [4776:4860] 000007feefa59688
---- Processes - GMER 2.1 ----
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1740] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20) 0000000010000000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20) 0000000003890000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\MSVCP71.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2011-02-18 05:12:24) 000000007c3a0000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\MSVCR71.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Microsoft® C Runtime Library/Microsoft Corporation)(2008-03-04 00:34:38) 000000007c340000
Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [3032] (Razer Configurator/Razer Inc.)(2014-03-14 06:33:22) 0000000054a30000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Program Files\Java\jre6\bin\javaw.exe [1428] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20) 0000000010000000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\explorer.exe [424] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20) 0000000010000000
Library C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\system32\notepad.exe [6004] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20) 0000000010000000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x89 0xC4 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x76 0xD4 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x3A 0x94 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x31 0x19 0x10 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x6B 0x2D 0x37 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x4D 0xBF 0x4D 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x89 0xC4 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x76 0xD4 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x3A 0x94 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x31 0x19 0x10 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x6B 0x2D 0x37 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x4D 0xBF 0x4D 0x39 ...
---- EOF - GMER 2.1 ----
|
|
26.04.2014, 15:58
| #5 |
| /// the machine /// TB-Ausbilder | Windows 7: Webseiten werden auf Werbung umgeleitet. Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
