Trojaner-Board


SirInsanity 05.07.2012 09:24

WIN 7 GVU Trojan similar to 2.04 with different text
 
Hello,
I have caught the GVU Trojan.
As soon as it opens, it blocks my whole screen. I can still get into the user menu, but Task Manager cannot be opened, or rather is not displayed. After a restart I have a short time before the Trojan blocks the screen again; by restarting once more and cancelling that restart as soon as the Trojan has closed, I can keep my PC running.

otl.txt
Code:

OTL logfile created on: 05.07.2012 10:13:09 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\xxxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 27,15% Memory free
8,00 Gb Paging File | 4,74 Gb Available in Paging File | 59,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 32,72 Gb Free Space | 27,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 124,87 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
Drive G: | 1,92 Gb Total Space | 1,91 Gb Free Space | 99,47% Space Free | Partition Type: FAT
 
Computer Name: ***** | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Web Assistant\Extension32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A4 E1 7D A2 DE CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=4289ac8d0000000000000000000000000000
IE - HKCU\..\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}: "URL" = hxxp://www.slaago.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MruuIucd
IE - HKCU\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={40DECC56-E384-493A-B08C-66B9334F2CB9}&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&lang=de&ds=gh011&pr=sa&d=2012-04-15 17:00:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJK6Q4w&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%7D&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&ds=gh011&v=11.1.0.7&lang=de&pr=sa&d=2012-04-15%2017%3A00%3A47&sap=hp"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%7D&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&ds=gh011&v=11.1.0.7&lang=de&pr=sa&d=2012-04-15%2017%3A00%3A47&sap=ku&q="
 
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=MruuIucd&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.12 17:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 13:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 13:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 17:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 11:39:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 11:39:11 | 000,000,000 | ---D | M]
 
[2011.03.05 17:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions
[2012.06.12 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions
[2012.01.29 19:03:26 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2012.01.31 17:21:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@babylon.com
[2012.06.12 17:36:43 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@incredibar.com
[2011.03.06 17:52:19 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\firefox@tvunetworks.com
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\google-search.xml
[2012.06.12 17:36:24 | 000,002,203 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\MyStart Search.xml
[2012.01.29 19:03:21 | 000,000,792 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\startsear.xml
[2011.09.17 16:10:20 | 000,001,565 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\web-search.xml
[2012.05.06 18:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.06 18:27:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.12 17:36:37 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.06.12 13:41:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2011.09.17 16:10:12 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\xxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YTKFJ7WC.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.06.24 14:15:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.29 19:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.24 14:15:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 13:41:20 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.07.24 19:50:07 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.24 14:15:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 14:15:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2012.06.24 14:15:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 14:15:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 14:15:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.01 05:17:06 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61117D82-11E3-4CF7-A9E5-C8D4BBC29531}: NameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell\AutoRun\command - "" = F:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 09:42:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{98519D34-786E-4514-B2C3-9C936FF1FDB8}
[2012.07.05 09:42:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5FC27973-2915-4CAA-88ED-BDB4DA731419}
[2012.07.04 09:19:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.04 06:38:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8D75044B-2497-4475-9C8A-3FC5D510BF66}
[2012.07.03 18:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E8CDD602-C095-403F-8BD2-96FA3B193F9A}
[2012.07.03 18:35:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{9265B5B4-B745-45EE-9EA9-42EDD08A384D}
[2012.07.03 01:33:16 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2012.07.03 01:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 01:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 01:33:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 01:05:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{16DD58BB-5ABC-4330-8F0A-B77548A6771B}
[2012.07.03 01:03:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3883CACF-7C10-4A6C-9C9F-CE67A4EBE671}
[2012.07.02 05:06:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2A745525-A4FA-42C9-9670-89334B4BE9BB}
[2012.07.01 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E6D00403-8DA8-45FD-A7E0-0494AE8BCFDF}
[2012.07.01 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5ECA69B1-95FF-426A-A233-5E97B62ABD52}
[2012.07.01 04:42:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BE4309AF-95E7-49FF-BABB-C741BECBA1C3}
[2012.07.01 04:40:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5D721F0B-6617-4932-AE08-F46C169B4F72}
[2012.06.30 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{B4C3E13A-012C-4946-BC1E-F589E8706D13}
[2012.06.30 03:56:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{988A0A30-96A1-4ED5-AA27-CA07580F518A}
[2012.06.30 03:56:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E06291BE-5EBC-4445-8E5A-F2C5FB6AD331}
[2012.06.29 15:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{F5D97B7C-FB8B-4F58-9465-3BEBF1C618F8}
[2012.06.29 03:55:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{609C89AA-BD87-4C2D-B6F1-7B99BDDD6F26}
[2012.06.29 03:55:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{41AD1B5E-3356-4502-BBBC-B6D1F91115D6}
[2012.06.28 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3C842CF4-D150-442C-A504-1A122CDAAA4D}
[2012.06.28 03:52:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A685F20C-A1DD-49BF-82FA-87A2B014F048}
[2012.06.28 03:52:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DD58E244-4C8A-4338-9489-F48051E2BFC3}
[2012.06.27 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7CBCF33A-5F13-4B0A-B395-29762969CA3D}
[2012.06.27 03:50:28 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C40C7990-8CEF-4F51-998E-C7EACBBCAF71}
[2012.06.26 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D92AA852-D1CC-4449-AAA0-5EB2CA29702D}
[2012.06.26 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{02BD5822-BC4C-495D-BA9A-E4797248AB30}
[2012.06.26 03:48:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7DAF9FE8-5837-4D5C-A28A-87E10F2EB2E7}
[2012.06.25 15:47:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3F6C6DC4-D865-4222-90B1-DCCAE2394719}
[2012.06.25 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C7970780-ACC1-40DC-A1AA-A1B3C38C926C}
[2012.06.24 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.24 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.24 15:47:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A46BFF78-E3D2-4BA1-9FBC-DE28B0A92092}
[2012.06.24 03:46:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A8FA4AE3-C0A5-461B-814A-E542181DEF89}
[2012.06.24 03:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{FC160A0E-B70A-4648-8461-4174D64C5346}
[2012.06.23 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D5104F4B-8736-4052-9840-8137FB2AD3EE}
[2012.06.23 03:45:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0AFEB484-C5F3-46E7-898B-D435F8A8A84C}
[2012.06.23 03:43:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{33553DD8-7565-400A-9B52-9DEB3CA2B37C}
[2012.06.22 13:54:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2C9E7A4F-3668-4399-97C4-6698428EFB1A}
[2012.06.22 01:55:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 01:55:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 01:55:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 01:55:03 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 01:55:03 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 01:55:03 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 01:54:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 01:54:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.22 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{82F5EB66-B38C-4DE6-8EC7-C3555A6E9EF3}
[2012.06.22 01:52:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3578BC71-AAF3-41E2-AF46-404F31B71CB0}
[2012.06.20 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BB53EB6A-2CAF-4ADE-931B-537DA6D77BAF}
[2012.06.20 01:59:13 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6C27D919-FDC9-4A9C-A81D-5C64B19D7916}
[2012.06.20 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DB46EB4C-5EBF-4CF9-AC17-9F6471B5FF73}
[2012.06.19 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{415943B8-5CD3-4E2F-9443-C507F6C0DD03}
[2012.06.18 01:57:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{87A94341-B390-451F-91FF-D9EF22F0406E}
[2012.06.17 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{19D5E307-D70E-4C4A-A34D-56FA1C98DA4E}
[2012.06.16 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84EB282A-D568-467B-9268-BEC21B125317}
[2012.06.16 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DA372BE6-F2F9-4F27-A907-A5342FA0E1D1}
[2012.06.15 03:36:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{24C98FD5-2E31-4DDE-92FF-2AEF81F3815F}
[2012.06.14 23:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.14 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.14 19:15:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 19:15:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 19:15:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 19:15:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 19:15:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 19:15:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 19:15:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 19:15:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 19:15:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 19:15:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 19:15:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 19:15:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 19:15:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 15:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7A80E386-7BBD-47CE-A3BC-D6ED7096A299}
[2012.06.14 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Macromedia
[2012.06.14 03:37:03 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 03:37:03 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 03:37:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 03:36:55 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 03:36:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 03:36:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 03:36:51 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.06.14 03:36:50 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 03:36:40 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 03:36:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.14 03:33:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E052B738-780C-4DD8-9B44-A26EFB620684}
[2012.06.14 03:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6463369B-C33B-4A60-A2CD-FC8644D2632A}
[2012.06.13 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\AVG Secure Search
[2012.06.13 14:55:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{425E9A86-E13B-4FE3-AB0E-0994F3A609BD}
[2012.06.13 02:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0A412164-D9CD-479C-B94B-9753A947A120}
[2012.06.13 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84A67436-EEEF-4DCB-8166-FD786A7CC2A8}
[2012.06.12 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.12 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.06.12 12:20:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{4E38FF88-98B3-4E5F-90A5-238500B6305C}
[2012.06.12 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3D232EBE-09DE-46EB-AFC9-E272859DAF2C}
[2012.06.12 00:19:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{EEDC41B3-AEF8-445B-A4DA-DC11E717EF08}
[2012.06.11 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5047F25D-758B-470F-B3A1-849C06B03F41}
[2012.06.11 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7503E00B-C43B-4B29-AD09-ADEBCEAB27EA}
[2012.06.11 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8AD3C198-1B6F-461E-99BA-E5127899F803}
[2012.06.10 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{548B4821-19FB-4445-9CAE-0C45CA944B41}
[2012.06.10 12:16:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{38614C7D-790B-44A0-8B4E-85CF62B640D3}
[2012.06.09 08:09:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5827A9CF-5EFD-40EB-AF02-D5A1886D8ACB}
[2012.06.09 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5483E1EA-4CEC-4E4E-977B-D0A37FD08B1B}
[2012.06.07 23:54:35 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{57BE2FA3-6BF6-4F50-9021-C90E1E6486DF}
[2012.06.07 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{F95C31A0-3C9D-4223-8D2B-C8F6B69D7678}
[2012.06.06 23:53:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{9547D8A2-FEFE-4938-B427-03A95AA00EBB}
[2012.06.06 11:53:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{B6E02AD5-E21D-4012-9FFB-7E6353D2913C}
[2012.06.06 11:51:34 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0753F60D-68A7-4E9F-8425-88129D463069}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 09:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.05 09:29:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 09:10:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.07.04 23:29:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 21:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.04 16:25:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.04 09:19:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.03 18:45:32 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 18:45:32 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 18:41:18 | 001,633,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 18:41:18 | 000,703,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 18:41:18 | 000,658,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 18:41:18 | 000,151,708 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 18:41:18 | 000,124,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 18:37:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 18:35:13 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 01:33:08 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.23 03:47:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.23 03:47:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.20 18:40:51 | 000,300,266 | ---- | M] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.14 21:40:43 | 000,342,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 17:36:45 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.06.12 17:31:17 | 001,036,416 | ---- | M] () -- C:\Users\xxxxx\Desktop\JDownloaderSetup_CH3.exe
[2012.06.08 00:15:52 | 000,056,320 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.03 01:33:08 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 01:08:06 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.20 18:40:49 | 000,300,266 | ---- | C] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.12 17:36:44 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.12 17:31:08 | 001,036,416 | ---- | C] () -- C:\Users\xxxxx\Desktop\JDownloaderSetup_CH3.exe
[2012.03.08 12:22:35 | 000,351,378 | ---- | C] () -- C:\Users\xxxxx\IMG_02932.jpg
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.15 14:21:54 | 000,000,838 | ---- | C] () -- C:\Users\xxxxx\.recently-used.xbel
[2011.11.04 16:22:49 | 000,000,072 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\blckdom.res
[2011.07.13 22:06:56 | 001,210,411 | ---- | C] () -- C:\Users\xxxxx\IMG_1040.JPG
[2011.07.13 22:06:54 | 000,968,566 | ---- | C] () -- C:\Users\xxxxx\IMG_1039.JPG
[2011.07.13 22:06:31 | 001,122,157 | ---- | C] () -- C:\Users\xxxxx\IMG_0970.JPG
[2011.07.13 22:06:27 | 001,172,241 | ---- | C] () -- C:\Users\xxxxx\IMG_0969.JPG
[2011.07.13 22:06:24 | 000,985,082 | ---- | C] () -- C:\Users\xxxxx\IMG_0966.JPG
[2011.07.13 22:06:17 | 001,257,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0960.JPG
[2011.07.13 22:06:15 | 001,391,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0959.JPG
[2011.07.13 22:06:10 | 000,896,078 | ---- | C] () -- C:\Users\xxxxx\IMG_0947.JPG
[2011.07.13 22:04:50 | 000,757,495 | ---- | C] () -- C:\Users\xxxxx\IMG_0661.JPG
[2011.07.13 22:03:10 | 000,884,066 | ---- | C] () -- C:\Users\xxxxx\IMG_0293.JPG
[2011.07.13 22:01:26 | 000,753,673 | ---- | C] () -- C:\Users\xxxxx\IMG_0022.JPG
[2011.03.05 17:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.01 23:00:03 | 001,068,568 | ---- | C] () -- C:\Users\xxxxx\Wettbewerb.rar
[2011.01.26 10:35:31 | 001,655,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.19 20:09:45 | 000,010,900 | ---- | C] () -- C:\Users\xxxxx\.heldEinstellungen4_1.xml
[2010.11.19 20:09:42 | 000,000,628 | ---- | C] () -- C:\Users\xxxxx\.dsa4.properties
[2010.11.19 20:09:29 | 007,134,331 | ---- | C] () -- C:\Users\xxxxx\helden.jar
[2010.01.17 13:49:59 | 000,056,320 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2011.07.24 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Babylon
[2010.01.19 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camersoft
[2012.04.15 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camfrog
[2010.01.16 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe_Limited
[2010.01.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.03 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\go
[2012.02.15 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2012.07.02 16:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.03.30 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LolClient
[2011.05.22 04:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.10.19 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin
[2012.06.12 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio
[2011.10.19 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio.local
[2010.04.17 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\runic games
[2010.06.04 03:29:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Samsung
[2010.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shark007
[2012.06.27 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TS3Client
[2012.05.04 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ts3overlay
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.02.01 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2012.01.29 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\VshareComplete
[2010.01.16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Win7codecs
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
[2012.07.04 21:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.05 09:10:06 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.03.27 10:12:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extra.txt
Code:

OTL Extras logfile created on: 05.07.2012 10:13:09 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\xxxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 27,15% Memory free
8,00 Gb Paging File | 4,74 Gb Available in Paging File | 59,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 32,72 Gb Free Space | 27,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 124,87 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
Drive G: | 1,92 Gb Total Space | 1,91 Gb Free Space | 99,47% Space Free | Partition Type: FAT
 
Computer Name: ***** | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C7FFB38-5F8C-4CDB-AEFF-32AB41184CDD}" = lport=57346 | protocol=17 | dir=in | name=pando media booster |
"{0DB4E1C8-5842-41F7-9E83-2B11B96D4B22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{100051AE-919E-4AC7-8B97-EFEB41A378FC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{168EB429-C195-4D3A-8102-7422F931A33A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{188B617C-CCCB-43C2-B4BE-AEC3205AF277}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1AF38DAF-314C-4F60-81AA-D2973284B612}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{1E1FAE0A-4C47-4D0F-844D-90BF6AB84F07}" = lport=137 | protocol=17 | dir=in | app=system |
"{23370F7D-120F-4773-90E3-274596D4A823}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2671E187-4E51-4D99-8CC1-C6EDF5A4EC4E}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher |
"{2B0643D7-3D5B-48AE-9E2F-9CF2A2F11AED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DA5CB98-40D5-49B7-B0FB-50E0514FCDB3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39A99C31-6493-4EA0-BF4E-FAF0E63BCF6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A2587B5-2DB3-4BCB-98BC-5EA0032389C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{476ECF2E-599B-4CD7-9E72-139D3D361100}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6032A1DA-DF8A-4BE1-AED9-3D5C7E6B38D3}" = lport=138 | protocol=17 | dir=in | app=system |
"{60CA493A-55BB-4E8F-A74D-1A73BCC5724D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6886C7D2-3CFE-4070-A883-A099D674A54F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B6B9F59-E334-4484-A3B7-570662A6B255}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{72E0F1E8-461F-4E10-A8DA-3B9B532311F7}" = lport=57346 | protocol=17 | dir=in | name=pando media booster |
"{743BE111-37A8-45D5-88AD-FE227F68AFEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A814CDE-1361-4A95-BD22-D9E456F06C64}" = lport=57346 | protocol=6 | dir=in | name=pando media booster |
"{7E4CB5D1-1527-4557-8A67-65EEFE6B2957}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{80F399D4-4581-4635-9ED6-FB16382166E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{8436BCAE-D206-4742-B2AD-613CB9B1958B}" = rport=139 | protocol=6 | dir=out | app=system |
"{84C47333-0374-4094-8895-5BC916D156AA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8816D5A9-1A3E-4566-B4ED-28B5BACC208A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D8ACD5D-BA82-4597-9F6D-2CCBA00E8D89}" = rport=445 | protocol=6 | dir=out | app=system |
"{92AE7153-D0CE-4C5C-8E77-B743464A0FE0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C62E3BD-D30D-4337-9DCD-293ED21D7484}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD660DCC-6A76-44DD-8C77-1F7621A22999}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9566282-EEC4-405B-90FA-5033DB0B09C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9FCCF6F-018B-4153-8D65-F1509D287E00}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFA51EF5-F7BD-4762-880B-B449D408AC3A}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher |
"{D84EA4F6-99EA-425E-AFD3-32B1F8A6D296}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9001C3C-716C-4C9F-9295-DCA9B945C074}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DD43F723-E687-45C0-808C-E11E1D021392}" = lport=57346 | protocol=6 | dir=in | name=pando media booster |
"{E09CC4BA-D4A1-4C63-A5E1-8AC591FB0EA9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E89D9336-05B9-4688-A227-895B80174D41}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB1E1FC5-E998-4A82-8757-1A982F8A667E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEF9DD8E-8999-4B36-B9A7-E207A6039082}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F525EFAA-9A78-4FE0-9A90-38089AD5B1BF}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC1D18-43A4-4AE6-ABE0-40C0CA0AB0A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{017D7003-36CB-425A-B74B-B94074B75715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{01DC7465-1C4D-49B7-A324-427E55558E6E}" = protocol=6 | dir=out | app=system |
"{0221018A-436D-4AA9-B86A-AA5E4B349745}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02565FDA-9BA4-42C1-B659-2575E5A3F69B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{0288D9B0-FF02-4EA9-A370-0524762FD4C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05095AE3-5BCB-4A7A-A5C6-96C533897059}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{09FFA694-E592-4B4C-A03D-EFD623E68ECA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A24966B-4BDE-4759-B1F2-310297E78DFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{110DD342-D479-44DF-902A-1D3A8F40207C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1329E526-1225-49A5-BE95-7FAAEC9971FD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{13366663-CC58-4158-B745-15CC9761F559}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{136518AA-E794-4C20-91E3-138B2723A4A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{143DFAC1-D60C-4281-ABD9-0D2E1DD8BDC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{152636D0-9796-44EE-8C63-3949AFF1ADC5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1C7929C9-85D0-4BC9-8B74-9CAC54F7F47E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E930584-47DC-4AFB-99D4-E1C4533F8D2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1ED8D47D-FDCC-4AD6-B907-6B0E5E5C9E83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F4042D4-D773-471C-AC15-6B07E361732E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25835B0D-14A7-40A4-8F15-D287D5AA8DBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{283B83B9-D125-4121-BAA4-C8A2BA80E917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DD0D131-847F-4EC0-B231-9C04A940C10F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2DD31228-B939-46FB-8CFB-63A0A9A45AF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E883525-31DF-40D3-8C01-EAEE456060C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2E919C9B-07DE-452B-8E7C-81F4B65C4F06}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{2FEC9FCE-EF8E-4D9F-AC99-7DE6387C396C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30DDCCE5-AD55-4CC9-AFA6-6E7615822B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{345244A8-DFCB-4215-8417-2588FFCEEC4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3455DBA0-5A20-452D-AFCD-47EACADB23E5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3519B3CF-FB59-4EA3-A31B-11BF13005CB4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{373E12CD-5C2B-4DA0-A844-D72BBD75123E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37B3BE49-9D6B-4927-98E4-E01137761DE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39E775DE-84DD-4CF3-9C20-BBC3C2629E97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39FB1F7B-0878-4BE4-A939-9DB0BD35E517}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A51643C-A8BC-410B-B1BC-BFE7E0E2AC10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D5E65E6-36E8-4CA2-8FA4-A5D8E1502574}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E205F78-C066-4046-BE9C-90F897765D60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F7F37BE-CCFC-49A4-A672-2E3CEF2F8A27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{400FF308-FE94-423F-A31D-417C2C04D030}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{436D97F9-FDC5-47F2-B1DD-0537C22EA583}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{480525F1-4858-40F7-8341-ACC3845399A1}" = dir=in | app=c:\users\xxxxx\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4815FE3F-E60F-48E3-B4F5-D50484330C1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48B6FC66-4820-4EBB-BF2C-5CDD1CFCE779}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4929A9DE-76E5-4CEF-951B-4FA0BC48AC93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4A134314-1F20-46C9-AEB2-CD3D141A8D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4CC59032-EBE1-41ED-B17A-BE4F6367AF29}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4DA6CC8B-B76E-4493-96A5-72DDFB473C83}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4DAADD5D-F559-4B88-AB5D-A94BE50C7F2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{502D179E-1EB1-41CA-BE27-63FFF6140801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{503D6268-8FD8-4FFF-9DF3-4E9A9473FE49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{506E0037-305E-4293-9F85-25D226089155}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50BA0F7D-37E9-4805-A465-7D21192FB033}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51805F6A-8F91-4089-B8CA-AA9767D69DFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51988EBE-CF6D-4425-8CE4-61C73C583B50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51D0FB4B-C00D-44BB-AF35-5AE203088008}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{535F010B-C5AE-4779-A90B-FD840950411D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{5442604A-156A-4432-9599-B545E4474FBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{54B3A5CD-2722-4C2B-8416-79DC439FF2E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5805B1DB-C231-4408-98E4-8CCDC7BD5C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{58351009-899D-47B0-9BF5-25E981621F22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5850DB02-D088-492E-82BA-46E97F1F8105}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A317BA7-FC0B-430D-B332-8CE5BB0FB255}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C167027-8C16-46A0-AE84-3744AC5689D3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{5C495F55-3C45-4894-9091-DA1DC3B2EA65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D59FEBC-2655-46B3-8C7D-32949A9D6A19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D902365-3C5B-482E-9D18-8A3D095F6BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{5DA6ADFA-0F26-4DF5-838A-F33B0360EFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5DD5F6F9-4C17-4611-9779-B077A952A605}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EEF7B92-8774-4A4A-8310-D76975805EAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61112FED-6841-43C3-81F6-1CC9C73C6697}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{61160928-4924-4B76-9783-BF3150A7DA42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61973202-EDC1-4428-8277-AA46F498C2C3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{671A25E7-0A59-4C94-B31F-CD9B33488C06}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{685CEEDB-0CCD-4954-8EB0-16A68ABF925C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{69CADA56-4459-46A4-BF1F-FA6C397973EF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A981A9E-7733-40E1-8804-B84458AFFF9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B319F0A-8E70-42FD-A277-0052A40368FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70BABD7E-EC07-4AD6-9762-5FC51F471132}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{716E7280-ADFB-471E-BBB2-FE3BA527E8C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73D8BBB1-FE60-43DB-AE8D-B4ACCC601DDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73DBBE8A-4370-415D-A738-80AF7E3D91D4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{7A06301B-B2E8-4364-B2B7-7F480A991C70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A93F025-304B-4BC1-A425-C4D1744ABFA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D074B27-D80D-48FA-9AB1-F5CDAB5000BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FE9AC5F-C104-4B7E-887E-6EA8979FC8BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83255A5A-DAA8-4ABE-BF33-5B9A606B9424}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84D934E3-C526-4C19-9414-DA8C0A52F0EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87612B9A-3227-4617-9FDF-D796D8790C86}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{896A6ED7-4406-45F9-9B0A-B2018AF5A143}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{899F56B2-AD4F-4602-A719-9EE42E25C475}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8DA974D6-8686-4102-8477-BC41B7F65694}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E375B5F-4F43-461D-A3B6-A7C3B13A9300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F614075-6725-4277-8150-7AE09A103A79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90B3EEC4-7151-4147-B56E-6552DEDD1C05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92D226F7-C99F-4D36-9B1B-2659B677CEA7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{99F76CFD-D555-4126-918C-1E54008860D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A6A79F6-4901-4452-91FD-BBED2A0D569C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C47C165-24CF-4196-9A74-B4B1B8E0A2EC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DA042CC-0DD4-4993-A573-D5CBE15A4596}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9DDC6CC8-DD44-48A3-B63F-1E3CB2CA907D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E705763-8CDE-4B79-BAAA-B8F14BFD0056}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9F9DCF7E-79DE-45D7-BA96-D11CFC88F91E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A310871E-3E95-492A-8E96-88ABD9271160}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{A5605CA3-B887-4FDC-A354-06B222E0543A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A98DB010-03F6-46A3-A942-955FE022A913}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{AA1D3956-5269-45F6-AAC8-0DEF6C20481D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AABB7FB1-EE46-4179-BC78-48686DD4234A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAED12A3-3242-4D49-A1DC-0FD1139C456D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{ABDCFF1F-E7C4-4C59-B7F6-716F4B6029A0}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{ACC400C0-C2C1-457D-9DC7-8D572130A993}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{AD9A98BA-7307-45BA-995D-D3526B235E52}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{ADE07FD8-C649-4DAB-A8BE-AE9CB0A94A09}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{B3F18CFB-4A83-48A8-9CB9-29E2B2546547}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B42A520E-24D7-4D3F-A2B0-BD9486FE1823}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B673901F-E97B-4513-8B1C-690AC46E40CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B745F3D1-FE5E-4119-BE21-B7FA40EE6D1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B86602AC-0684-41F2-B7DC-507A6779850D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B89E9FAD-8ABC-44FD-A65C-4161F0CF8931}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B92192C7-ABCF-4C81-9863-292EE197928E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA59BF88-7FFB-41B7-9295-28EC758E5FF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA9B0C00-B381-4E78-AE24-86096FF1BF44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE443D60-1AD5-4602-8D1D-E59E6B3C5606}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF23917E-771E-45FA-B0E3-9A44BB71B89C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF7438E9-89AE-4B52-9C5E-D747DDC7F706}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{C2959E96-9D07-4008-9E1C-C66301A1B9DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7551189-9ECA-46A7-8B5D-43322A8ED071}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{C798288E-53C8-4E7B-82D6-9902A0BE2D64}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{C891A412-17C0-445F-BD3D-FEF8969DDC08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8F0AB9A-953E-4137-8C42-5A6299223A29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA41AB8F-67DB-4F5E-9BDB-D4047F6E0588}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CD62BEB1-978B-47C1-A608-0D868632F763}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{CEBFCFDC-31E5-4C37-A05F-E286C0E3F40F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0F72C4C-793A-4BB8-AFF6-DDF2C23F36BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1749F33-08C7-411E-BAA6-DBF5FCFA3019}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D39B6BD5-B35A-476A-B6B6-BA5D7CBD9B05}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{D3E5A608-650B-472C-97CB-9C420AEAE3A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D658E03D-6E2A-4770-A639-732E4075FAA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D81196BC-5311-4282-AED8-386C04F804E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD89763B-03B1-4CC8-A93D-34308EDC0B3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0E2F3C5-A77A-4E37-893F-76C1E0AA830D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E0FC15F2-1F38-43EA-AE00-9B5267C6787E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1622F49-C364-469A-9C8E-42B7315250DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E311EC4C-D8D3-4C95-8CE3-3AFBE7E4791D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E5CDE416-4393-4ABA-B9E7-940D8038A46D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E623BF6F-EE7B-4E7D-9FB1-2227944E698D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E6660AFA-6A33-4B7F-9360-5EE0D5E44276}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E903A69B-6418-4ABA-8469-3CB7A49EEF28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E99A3D0C-B486-4F20-A562-3ED6A100236C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF66D0DB-1633-4C1C-9A94-319ADC1F5A52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFBAA73C-4EF2-41D0-A961-81331DD1458D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F232A6A6-98C0-4776-AA4B-E3600736FE91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F277326F-5F84-4509-9CBB-FE9EE48357E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3D5A539-8B33-4089-85A1-0749DE5915BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4164626-E90C-4C20-9CD7-31AA0B86C94D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{F80C7E06-1406-435F-AAC1-6978926C75A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F8A68823-AC7E-4B92-B741-AE0E05F6F468}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F9842CB9-ACCD-4FE2-B6CF-77496BEC7EAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC60199C-D9F8-4FA8-AE01-608294E0FB14}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FCD45DE4-C582-47AD-B389-6D7ABA45D37D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD18C006-9CFD-4832-8799-79023D5F441C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF3D8684-0C31-4497-BBB2-E201B1577886}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0AD4A6BE-EFE9-4E2B-BECB-EE1D777D4235}C:\users\xxxxx\desktop\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\users\xxxxx\desktop\ut3\binaries\ut3.exe |
"TCP Query User{12449BD1-8204-45EF-B443-D359A7E90561}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{33A75069-132A-4002-9947-97E7C96EB08F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{36489556-F037-4D53-AD29-07725441E02E}C:\users\xxxxx\fotos\server.exe" = protocol=6 | dir=in | app=c:\users\xxxxx\fotos\server.exe |
"TCP Query User{461A9D11-FC81-41C1-985B-37E3B138C894}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{52BC671E-CFA1-4720-BD36-804EEBBACC7E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{56C2A2A7-A56B-4A7D-BD6A-298964787A79}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{6F5DA40C-8998-4707-9040-18C79D4D9E01}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"TCP Query User{899AA257-FF46-45B8-B050-6B4B2D5D3796}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{97BE7ECA-F45C-4049-A7F8-3516258DB363}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{97F96D38-D58C-4EC0-BC01-5F9395B2A8D8}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"TCP Query User{B2136834-FAB1-455E-AC2C-7BDFE819F800}C:\users\xxxxx\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"TCP Query User{C6BFEEBD-C1F0-4515-B744-B1E7D5459D9A}C:\program files (x86)\dc software\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc software\dl10xp.exe |
"TCP Query User{CE18E4CD-8F8D-4316-944F-DD4DF471A67D}C:\users\xxxxx\downloads\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\users\xxxxx\downloads\far cry\bin32\farcry.exe |
"TCP Query User{D6D90DBD-3809-41E8-A9AC-5960B01CB2F3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{DBB034F3-9C1B-41A9-93AA-329ED9463535}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{DDF7CE4B-F9ED-4D9A-B2EC-4DE271EDEFB6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E7E5ED8B-C0D4-4788-ADD4-56F8A7A42442}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{02D796CF-D76F-471B-9FFD-E2515BB2F1BF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{0953DB2E-C557-4A18-8FC3-5D64941DA1B8}C:\program files (x86)\dc software\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc software\dl10xp.exe |
"UDP Query User{0D9CB01F-698F-47AD-91F9-66A6C21D2F02}C:\users\xxxxx\fotos\server.exe" = protocol=17 | dir=in | app=c:\users\xxxxx\fotos\server.exe |
"UDP Query User{208D2EB6-CC91-4DFF-8E6E-20A016171BF9}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{30820B14-4482-47BC-A474-EE32498BA447}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"UDP Query User{30D21DA5-8C7F-472F-ABD5-2E3EA49DE0A0}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"UDP Query User{452C3A39-686D-4EF1-843B-0D6BFB505AFD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{51C9456D-C6C1-4B07-8C8A-271C8302E170}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{63B9FF48-68D4-475C-87A3-1EC8B0421355}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{6A79EB0A-CEF5-4A9F-98E6-84E1FDDC2BA5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7E53245C-75B0-46CB-A662-EE65A9E9347A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9BCB1FAF-5CCB-4003-985F-3B84770FA38C}C:\users\xxxxx\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{A1BD6D39-F3B7-4502-9998-40BABF1F2AFD}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{D5B1D09E-2B9A-485B-8FD4-B6F6B0E3125C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E0E69C48-6DA9-41FD-8107-6E6D2D565737}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{EBA7B48F-11E3-41AF-B6C5-6E7C5D90DD0D}C:\users\xxxxx\desktop\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\users\xxxxx\desktop\ut3\binaries\ut3.exe |
"UDP Query User{EDEE0B17-9261-4970-A5F7-AFF9C17C26BC}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{FF2638C5-9A0C-4F92-82A2-FDBD33F8E6A5}C:\users\xxxxx\downloads\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\users\xxxxx\downloads\far cry\bin32\farcry.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"x64 Components_is1" = x64 Components v2.3.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1" = VshareComplete
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B4C7E0-078F-42D6-90B2-001400795416}" = NWZ-S750 WALKMAN Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F85C632C-29AB-4FD5-9870-AC39E4BDECF9}" = RSSRadio
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"CamStudio" = CamStudio
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX-Setup
"ffdshow" = ffdshow
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HyperCam 2" = HyperCam 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PokerStars" = PokerStars
"PROR" = Microsoft Office Professional 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 9200" = RAGE
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.3
"vShare" = vShare Plugin
"vShare plugin" = vShare plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Seesu Music Player" = Seesu Music Player
"YouTube Player" = YouTube Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2011 21:45:06 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.12.2011 21:45:09 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.12.2011 21:45:10 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.01.2012 09:05:51 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.60.1185.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 464    Startzeit:
01ccc92e3ce18309    Endzeit: 632    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 7c497fde-3542-11e1-a1f9-001a4d46bea5 
 
Error - 02.01.2012 12:50:37 | Computer Name = ***** | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 02.01.2012 12:50:48 | Computer Name = ***** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.01.2012 12:51:13 | Computer Name = ***** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.01.2012 23:57:00 | Computer Name = ***** | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 03.01.2012 23:57:10 | Computer Name = ***** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.01.2012 23:57:43 | Computer Name = ***** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Media Center Events ]
Error - 30.09.2011 22:35:04 | Computer Name = ***** | Source = MCUpdate | ID = 0
Description = 04:35:04 - Fehler beim Herstellen der Internetverbindung.  04:35:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2011 22:35:12 | Computer Name = ***** | Source = MCUpdate | ID = 0
Description = 04:35:09 - Fehler beim Herstellen der Internetverbindung.  04:35:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.10.2011 08:30:59 | Computer Name = ***** | Source = MCUpdate | ID = 0
Description = 14:30:57 - Fehler beim Herstellen der Internetverbindung.  14:30:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 03.07.2012 03:13:10 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gizmo Central" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%2
 
Error - 03.07.2012 03:13:10 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 03.07.2012 03:13:22 | Computer Name = ***** | Source = PNRPSvc | ID = 102
Description =
 
Error - 03.07.2012 03:13:22 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 03.07.2012 03:13:26 | Computer Name = ***** | Source = PNRPSvc | ID = 102
Description =
 
Error - 03.07.2012 03:13:26 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 03.07.2012 12:35:21 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gizmo Central" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%2
 
Error - 03.07.2012 12:35:21 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 03.07.2012 12:35:31 | Computer Name = ***** | Source = PNRPSvc | ID = 102
Description =
 
Error - 03.07.2012 12:35:31 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
 
< End of report >

Many thanks in advance.

cosinus 05.07.2012 16:42

Please start by routinely running a full scan with Malwarebytes and posting the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please have Malwarebytes remove all of its findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

SirInsanity 06.07.2012 12:54

Hello,
many thanks already for your help.
Today I first went into safe mode; since I could not establish a network connection there, I started in normal mode. This time the GVU trojan screen did not appear.

ESET log:
Code:

# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30bed0a646e223408c84fd7cf7bb993f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 10:52:44
# local_time=2012-07-06 12:52:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 22519286 93198661 0 0
# compatibility_mode=8192 67108863 100 0 154 154 0 0
# scanned=205080
# found=30
# cleaned=30
# scan_time=3153
C:\Program Files\Shark007\Tools\settings64.exe        Win32/Packed.Autoit.C.Gen application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe        a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe        Win32/Packed.Autoit.C.Gen application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\ProgramData\Win7codecs\{4886F851-DACD-45CF-98CB-B88DA603AFC4}\Win7codecs.msi        Win32/Packed.Autoit.C.Gen application (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00326Z60\firstload_com[2].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54682NM7\firstload_com[2].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5URJAQDX\firstload_com[3].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EEZ3UVS\videorewardspot_com[1].htm        HTML/Fraud.BG trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNNQ98DL\firstload_com[2].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHZZTA6V\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBKX2Z9U\firstload_com[3].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBKX2Z9U\firstload_com[4].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOQ6G4X9\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNTPWX9D\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKVY06XM\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Temp\jar_cache142325409974945615.tmp        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\Local\Temp\is1070216317\MyBabylonTB.exe        Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6c421d53-2586f88a        Java/Exploit.CVE-2012-0507.CE trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2b581c82-1458f611        a variant of Java/Agent.DU trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\33cfc59a-74024ed0        a variant of Java/Exploit.Blacole.AF trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\42c761da-283c0bd0        a variant of Java/Agent.DU trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\a00b9df-5442beb7        Java/Exploit.CVE-2012-0507.BZ trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1bd25be0-2a3dcf64        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\1a5a1822-5bac8e9c        a variant of Java/TrojanDownloader.Agent.NDK trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3ea00c69-280af17b        probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2ede9d75-726380a0        probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7c211cc7-24519c75        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4a511a89-30370b83        a variant of Java/Agent.DU trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Claus\Desktop\JDownloaderSetup_CH3.exe        Win32/InstallCore application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Windows\Installer\57d76.msi        Win32/Packed.Autoit.C.Gen application (deleted - quarantined)        00000000000000000000000000000000        C

Oops, did I just see that right, that I did not untick the checkbox for cleaning after all?

In the malware program I had already deleted everything, even before our contact.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: ***** [Administrator]

Schutz: Aktiviert

06.07.2012 11:50:50
mbam-log-2012-07-06 (11-50-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441784
Laufzeit: 24 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 06.07.2012 14:08

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, all the logs for each scan are also listed in the Logs tab. Please post all that are visible there.

Also: what exactly did you not understand about this?

=> Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

SirInsanity 06.07.2012 14:18

Hello,
I did understand it, and I also thought I had removed the tick; when I skimmed the log file I then noticed that I apparently had not after all.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: ***** [Administrator]

Schutz: Aktiviert

03.07.2012 08:11:50
mbam-log-2012-07-03 (08-11-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441406
Laufzeit: 26 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\StartSearch plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.

(Ende)


cosinus 06.07.2012 14:47

I have two questions before we continue:

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

SirInsanity 06.07.2012 14:59

Hello Arne,

as far as I can judge, everything is OK. So far I can use the PC without restrictions.
The Start menu also seems fine so far, I think, only Win7 wants me to make a backup, I think that is new.
Under All Programs the Startup folder is empty; whether anything was in it before I do not know. Otherwise I think everything is normal.

cosinus 08.07.2012 18:50

Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


SirInsanity 09.07.2012 09:16

Hello Arne,

on startup the screen stayed normal, but yesterday it happened once spontaneously.

I hope I did everything right with the scan.

Code:

OTL logfile created on: 09.07.2012 10:04:16 - Run 3
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\xxxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,37% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 33,36 Gb Free Space | 28,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 124,87 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
Drive E: | 672,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***** | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (MpKslda047a92) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9A0C826-78CC-43DD-A5C6-958AD94A4B60}\MpKslda047a92.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A4 E1 7D A2 DE CC 01  [binary data]
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=4289ac8d0000000000000000000000000000
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}: "URL" = hxxp://www.slaago.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MruuIucd
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={40DECC56-E384-493A-B08C-66B9334F2CB9}&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&lang=de&ds=gh011&pr=sa&d=2012-04-15 17:00:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJK6Q4w&i=26
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%7D&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&ds=gh011&v=11.1.0.7&lang=de&pr=sa&d=2012-04-15%2017%3A00%3A47&sap=hp"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%7D&mid=ef7f2d3bb91647d0b6e2d1530ba25756-7b959052c05fa11c9c7adea697744d691885cdb3&ds=gh011&v=11.1.0.7&lang=de&pr=sa&d=2012-04-15%2017%3A00%3A47&sap=ku&q="
 
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=MruuIucd&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.12 17:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 13:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 13:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 17:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 11:39:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 11:39:11 | 000,000,000 | ---D | M]
 
[2011.03.05 17:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions
[2012.06.12 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions
[2012.01.29 19:03:26 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2012.01.31 17:21:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@babylon.com
[2012.06.12 17:36:43 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@incredibar.com
[2011.03.06 17:52:19 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\firefox@tvunetworks.com
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\google-search.xml
[2012.06.12 17:36:24 | 000,002,203 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\MyStart Search.xml
[2012.01.29 19:03:21 | 000,000,792 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\startsear.xml
[2011.09.17 16:10:20 | 000,001,565 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\web-search.xml
[2012.05.06 18:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.06 18:27:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.12 17:36:37 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.06.12 13:41:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2011.09.17 16:10:12 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\xxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YTKFJ7WC.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.06.24 14:15:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.29 19:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.24 14:15:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 13:41:20 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.07.24 19:50:07 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.24 14:15:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 14:15:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2012.06.24 14:15:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 14:15:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 14:15:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.01 05:17:06 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Facebook Update] C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61117D82-11E3-4CF7-A9E5-C8D4BBC29531}: NameServer = 213.191.92.87 62.109.123.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell\AutoRun\command - "" = F:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 09:13:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{20A1C76A-6355-4C6F-BFB7-21AEF72E1035}
[2012.07.08 21:12:50 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{347380FB-5F55-426C-8717-2BB679E101ED}
[2012.07.08 09:12:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{234D036E-A4BD-4610-942F-9F482C956B30}
[2012.07.07 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{09678609-E90F-4B53-ACB2-FD85F3A74911}
[2012.07.07 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3857F783-F9BC-435C-A0BF-8E2847DD7FB9}
[2012.07.06 23:53:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{4A31D475-2D67-40AD-9809-0FB74BA8833C}
[2012.07.06 23:53:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{33B21B0E-3939-4160-8EED-CC2E7EB7C002}
[2012.07.06 11:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.06 11:57:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.06 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{1CE05BD6-AEE5-411A-9FA2-134CAE6AE49D}
[2012.07.06 11:50:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{CCC07474-3BAA-4F62-BE7B-D84224645D81}
[2012.07.05 09:42:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{98519D34-786E-4514-B2C3-9C936FF1FDB8}
[2012.07.05 09:42:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5FC27973-2915-4CAA-88ED-BDB4DA731419}
[2012.07.04 09:19:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.04 06:38:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8D75044B-2497-4475-9C8A-3FC5D510BF66}
[2012.07.03 18:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E8CDD602-C095-403F-8BD2-96FA3B193F9A}
[2012.07.03 18:35:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{9265B5B4-B745-45EE-9EA9-42EDD08A384D}
[2012.07.03 01:33:16 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2012.07.03 01:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 01:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 01:33:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 01:05:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{16DD58BB-5ABC-4330-8F0A-B77548A6771B}
[2012.07.03 01:03:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3883CACF-7C10-4A6C-9C9F-CE67A4EBE671}
[2012.07.02 05:06:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2A745525-A4FA-42C9-9670-89334B4BE9BB}
[2012.07.01 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E6D00403-8DA8-45FD-A7E0-0494AE8BCFDF}
[2012.07.01 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5ECA69B1-95FF-426A-A233-5E97B62ABD52}
[2012.07.01 04:42:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BE4309AF-95E7-49FF-BABB-C741BECBA1C3}
[2012.07.01 04:40:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5D721F0B-6617-4932-AE08-F46C169B4F72}
[2012.06.30 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{B4C3E13A-012C-4946-BC1E-F589E8706D13}
[2012.06.30 03:56:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{988A0A30-96A1-4ED5-AA27-CA07580F518A}
[2012.06.30 03:56:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E06291BE-5EBC-4445-8E5A-F2C5FB6AD331}
[2012.06.29 15:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{F5D97B7C-FB8B-4F58-9465-3BEBF1C618F8}
[2012.06.29 03:55:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{609C89AA-BD87-4C2D-B6F1-7B99BDDD6F26}
[2012.06.29 03:55:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{41AD1B5E-3356-4502-BBBC-B6D1F91115D6}
[2012.06.28 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3C842CF4-D150-442C-A504-1A122CDAAA4D}
[2012.06.28 03:52:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A685F20C-A1DD-49BF-82FA-87A2B014F048}
[2012.06.28 03:52:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DD58E244-4C8A-4338-9489-F48051E2BFC3}
[2012.06.27 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7CBCF33A-5F13-4B0A-B395-29762969CA3D}
[2012.06.27 03:50:28 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C40C7990-8CEF-4F51-998E-C7EACBBCAF71}
[2012.06.26 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D92AA852-D1CC-4449-AAA0-5EB2CA29702D}
[2012.06.26 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{02BD5822-BC4C-495D-BA9A-E4797248AB30}
[2012.06.26 03:48:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7DAF9FE8-5837-4D5C-A28A-87E10F2EB2E7}
[2012.06.25 15:47:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3F6C6DC4-D865-4222-90B1-DCCAE2394719}
[2012.06.25 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C7970780-ACC1-40DC-A1AA-A1B3C38C926C}
[2012.06.24 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.24 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.24 15:47:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A46BFF78-E3D2-4BA1-9FBC-DE28B0A92092}
[2012.06.24 03:46:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A8FA4AE3-C0A5-461B-814A-E542181DEF89}
[2012.06.24 03:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{FC160A0E-B70A-4648-8461-4174D64C5346}
[2012.06.23 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D5104F4B-8736-4052-9840-8137FB2AD3EE}
[2012.06.23 03:45:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0AFEB484-C5F3-46E7-898B-D435F8A8A84C}
[2012.06.23 03:43:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{33553DD8-7565-400A-9B52-9DEB3CA2B37C}
[2012.06.22 13:54:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2C9E7A4F-3668-4399-97C4-6698428EFB1A}
[2012.06.22 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{82F5EB66-B38C-4DE6-8EC7-C3555A6E9EF3}
[2012.06.22 01:52:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3578BC71-AAF3-41E2-AF46-404F31B71CB0}
[2012.06.20 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BB53EB6A-2CAF-4ADE-931B-537DA6D77BAF}
[2012.06.20 01:59:13 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6C27D919-FDC9-4A9C-A81D-5C64B19D7916}
[2012.06.20 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DB46EB4C-5EBF-4CF9-AC17-9F6471B5FF73}
[2012.06.19 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{415943B8-5CD3-4E2F-9443-C507F6C0DD03}
[2012.06.18 01:57:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{87A94341-B390-451F-91FF-D9EF22F0406E}
[2012.06.17 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{19D5E307-D70E-4C4A-A34D-56FA1C98DA4E}
[2012.06.16 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84EB282A-D568-467B-9268-BEC21B125317}
[2012.06.16 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DA372BE6-F2F9-4F27-A907-A5342FA0E1D1}
[2012.06.15 03:36:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{24C98FD5-2E31-4DDE-92FF-2AEF81F3815F}
[2012.06.14 23:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.14 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.14 15:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7A80E386-7BBD-47CE-A3BC-D6ED7096A299}
[2012.06.14 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Macromedia
[2012.06.14 03:33:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E052B738-780C-4DD8-9B44-A26EFB620684}
[2012.06.14 03:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6463369B-C33B-4A60-A2CD-FC8644D2632A}
[2012.06.13 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\AVG Secure Search
[2012.06.13 14:55:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{425E9A86-E13B-4FE3-AB0E-0994F3A609BD}
[2012.06.13 02:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0A412164-D9CD-479C-B94B-9753A947A120}
[2012.06.13 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84A67436-EEEF-4DCB-8166-FD786A7CC2A8}
[2012.06.12 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.12 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.06.12 12:20:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{4E38FF88-98B3-4E5F-90A5-238500B6305C}
[2012.06.12 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3D232EBE-09DE-46EB-AFC9-E272859DAF2C}
[2012.06.12 00:19:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{EEDC41B3-AEF8-445B-A4DA-DC11E717EF08}
[2012.06.11 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5047F25D-758B-470F-B3A1-849C06B03F41}
[2012.06.11 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7503E00B-C43B-4B29-AD09-ADEBCEAB27EA}
[2012.06.11 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8AD3C198-1B6F-461E-99BA-E5127899F803}
[2012.06.10 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{548B4821-19FB-4445-9CAE-0C45CA944B41}
[2012.06.10 12:16:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{38614C7D-790B-44A0-8B4E-85CF62B640D3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 09:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 09:29:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 09:10:48 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.07.09 01:45:32 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 01:45:32 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 23:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.08 23:41:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 23:40:56 | 000,001,894 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.08 23:29:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.08 21:10:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.07 21:14:24 | 001,633,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.07 21:14:24 | 000,703,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.07 21:14:24 | 000,658,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.07 21:14:24 | 000,151,708 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.07 21:14:24 | 000,124,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.07 21:09:40 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.06 11:57:03 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 16:25:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.04 09:19:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.03 01:33:08 | 000,001,122 | ---- | M] () -- C:\Users\xxxxx\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.20 18:40:51 | 000,300,266 | ---- | M] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.14 21:40:43 | 000,342,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 17:36:45 | 000,000,447 | ---- | M] () -- C:\user.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 23:40:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 23:40:56 | 000,001,894 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 01:33:08 | 000,001,122 | ---- | C] () -- C:\Users\xxxxx\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 01:08:06 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.20 18:40:49 | 000,300,266 | ---- | C] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.12 17:36:44 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.03.08 12:22:35 | 000,351,378 | ---- | C] () -- C:\Users\xxxxx\IMG_02932.jpg
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.15 14:21:54 | 000,000,838 | ---- | C] () -- C:\Users\xxxxx\.recently-used.xbel
[2011.11.04 16:22:49 | 000,000,072 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\blckdom.res
[2011.07.13 22:06:56 | 001,210,411 | ---- | C] () -- C:\Users\xxxxx\IMG_1040.JPG
[2011.07.13 22:06:54 | 000,968,566 | ---- | C] () -- C:\Users\xxxxx\IMG_1039.JPG
[2011.07.13 22:06:31 | 001,122,157 | ---- | C] () -- C:\Users\xxxxx\IMG_0970.JPG
[2011.07.13 22:06:27 | 001,172,241 | ---- | C] () -- C:\Users\xxxxx\IMG_0969.JPG
[2011.07.13 22:06:24 | 000,985,082 | ---- | C] () -- C:\Users\xxxxx\IMG_0966.JPG
[2011.07.13 22:06:17 | 001,257,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0960.JPG
[2011.07.13 22:06:15 | 001,391,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0959.JPG
[2011.07.13 22:06:10 | 000,896,078 | ---- | C] () -- C:\Users\xxxxx\IMG_0947.JPG
[2011.07.13 22:04:50 | 000,757,495 | ---- | C] () -- C:\Users\xxxxx\IMG_0661.JPG
[2011.07.13 22:03:10 | 000,884,066 | ---- | C] () -- C:\Users\xxxxx\IMG_0293.JPG
[2011.07.13 22:01:26 | 000,753,673 | ---- | C] () -- C:\Users\xxxxx\IMG_0022.JPG
[2011.03.05 17:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.01 23:00:03 | 001,068,568 | ---- | C] () -- C:\Users\xxxxx\Wettbewerb.rar
[2011.01.26 10:35:31 | 001,655,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.19 20:09:45 | 000,010,900 | ---- | C] () -- C:\Users\xxxxx\.heldEinstellungen4_1.xml
[2010.11.19 20:09:42 | 000,000,628 | ---- | C] () -- C:\Users\xxxxx\.dsa4.properties
[2010.11.19 20:09:29 | 007,134,331 | ---- | C] () -- C:\Users\xxxxx\helden.jar
[2010.01.17 13:49:59 | 000,056,320 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2011.07.24 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Babylon
[2010.01.19 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camersoft
[2012.04.15 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camfrog
[2010.01.16 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe_Limited
[2010.01.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.03 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\go
[2012.02.15 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2012.07.02 16:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.03.30 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LolClient
[2011.05.22 04:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.10.19 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin
[2012.06.12 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio
[2011.10.19 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio.local
[2010.04.17 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\runic games
[2010.06.04 03:29:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Samsung
[2010.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shark007
[2012.06.27 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TS3Client
[2012.05.04 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ts3overlay
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.02.01 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2012.01.29 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\VshareComplete
[2010.01.16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Win7codecs
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
[2012.07.08 21:10:03 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.09 09:10:48 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.03.27 10:12:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2010.05.24 16:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Adobe
[2011.07.24 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Babylon
[2010.01.19 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camersoft
[2012.04.15 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camfrog
[2010.01.16 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe_Limited
[2010.01.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2010.05.13 02:08:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DivX
[2012.07.04 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\dvdcss
[2011.07.03 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\go
[2012.02.15 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2012.07.02 16:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2010.01.16 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Identities
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.03.30 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LolClient
[2010.01.16 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Macromedia
[2012.07.03 01:33:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Media Center Programs
[2012.06.14 12:57:57 | 000,000,000 | --SD | M] -- C:\Users\xxxxx\AppData\Roaming\Microsoft
[2011.03.05 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Mozilla
[2010.01.19 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\NCH Software
[2012.03.17 23:18:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\NVIDIA
[2011.05.22 04:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.10.19 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin
[2010.06.14 20:50:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Real
[2012.06.12 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio
[2011.10.19 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio.local
[2010.04.17 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\runic games
[2010.06.04 03:29:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Samsung
[2010.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shark007
[2012.07.08 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Skype
[2011.05.29 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\skypePM
[2011.03.05 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Sony Corporation
[2012.06.27 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TS3Client
[2012.05.04 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ts3overlay
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.02.01 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2012.07.08 23:54:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\vlc
[2012.01.29 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\VshareComplete
[2010.01.16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Win7codecs
[2010.04.25 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\WinRAR
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
[2010.02.25 00:51:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.01.24 01:23:33 | 000,010,134 | R--- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2012.03.16 23:41:51 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
[2010.03.31 15:49:46 | 000,341,344 | ---- | M] (Teruten Inc) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsAdmin64.exe
[2010.03.31 15:45:32 | 000,025,960 | ---- | M] (Teruten Inc) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsExService64.exe
[2010.03.31 15:47:20 | 000,214,368 | ---- | M] (Teruten) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsUsbExAdmin.exe
[2010.03.31 15:45:40 | 000,222,568 | ---- | M] (Teruten) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsUsbExService.exe
[2010.03.31 15:48:58 | 002,385,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NewPCStudio.exe
[2010.03.31 15:46:06 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAgent.exe
[2010.03.31 15:45:50 | 000,128,344 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAlarm.exe
[2010.03.31 15:49:18 | 001,414,528 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAndroidCDMABinaryUpgrade.exe
[2010.03.31 15:46:14 | 001,516,928 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAndroidGSMBinaryUpgrade.exe
[2010.03.31 15:45:12 | 000,210,264 | ---- | M] (PeeringPortal) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\npsasvr.exe
[2010.03.31 15:45:10 | 001,422,704 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSATNTBinaryUpgrade.exe
[2010.03.31 15:48:32 | 000,234,864 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSBackupAndRestore.exe
[2010.03.31 15:46:32 | 001,635,688 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSBinaryUpgrade.exe
[2010.03.31 15:49:26 | 000,750,944 | ---- | M] (Samsung Electronics Co., Ltd) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCDBurner.exe
[2010.03.31 15:49:40 | 000,886,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCDRipper.exe
[2010.03.31 15:45:38 | 002,073,976 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSChecker_BinaryUpgrade.exe
[2010.03.31 15:49:24 | 001,914,232 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSChecker_LiveUpgrade.exe
[2010.03.31 15:45:52 | 000,165,208 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCM.exe
[2010.03.31 15:46:26 | 000,079,208 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSConnection.exe
[2010.03.31 15:47:22 | 000,451,928 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCW.exe
[2010.03.31 15:47:36 | 000,622,944 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDataHouse.exe
[2010.03.31 15:46:54 | 000,271,704 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDDay.exe
[2010.03.31 15:49:08 | 000,193,880 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDENG.exe
[2010.03.31 15:48:36 | 002,532,704 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDexplorer.exe
[2010.03.31 15:49:04 | 000,558,424 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDM.exe
[2010.03.31 15:47:14 | 000,947,552 | ---- | M] (Samsung Electronics Co., Ltd) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDMPPlayer.exe
[2010.03.31 15:49:44 | 001,467,736 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDump.exe
[2010.03.31 15:46:30 | 000,169,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSEmailSync.exe
[2010.03.31 15:49:32 | 001,615,216 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSEmpBinaryUpgrade.exe
[2010.03.31 15:46:38 | 002,295,128 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSFull.exe
[2010.03.31 15:45:30 | 000,071,000 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSGuide.exe
[2010.03.31 15:49:12 | 000,091,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSGuide2.exe
[2010.03.31 15:49:02 | 001,455,472 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSIFXBinaryUpgrade.exe
[2010.03.31 15:49:38 | 000,300,392 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSImageViewer.exe
[2010.03.31 15:47:24 | 000,177,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSInstApp.exe
[2010.03.31 15:45:56 | 000,288,112 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSInternetConnector.exe
[2010.03.31 15:48:56 | 001,447,288 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSLimoGSMBinaryUpgrade.exe
[2010.03.31 15:49:28 | 006,313,320 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMediaManager.exe
[2010.03.31 15:47:08 | 000,238,936 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMemo.exe
[2010.03.31 15:48:54 | 000,660,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMessageManager.exe
[2010.03.31 15:47:06 | 001,426,800 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMitsBinaryUpgrade.exe
[2010.03.31 15:46:46 | 000,877,920 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMMSSender.exe
[2010.03.31 15:49:20 | 000,546,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMTPExplorer.exe
[2010.03.31 15:46:36 | 001,193,320 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMusicPlayer.exe
[2010.03.31 15:48:48 | 000,652,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMyDiary.exe
[2010.03.31 15:49:10 | 000,611,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMyExplorer.exe
[2010.03.31 15:46:40 | 001,430,904 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNLCDMABinaryUpgrade.exe
[2010.03.31 15:46:44 | 001,402,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNLKRBinaryUpgrade.exe
[2010.03.31 15:44:58 | 002,479,464 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNotifyClient.exe
[2010.03.31 15:46:02 | 001,516,912 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNXPBinaryUpgrade.exe
[2010.03.31 15:47:02 | 001,021,288 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSPhonebook2.exe
[2010.03.31 15:47:00 | 000,099,688 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSPwRecovery.exe
[2010.03.31 15:48:42 | 002,028,920 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSQualcommBinaryUpgrade.exe
[2010.03.31 15:47:28 | 000,660,832 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSScheduler.exe
[2010.03.31 15:46:10 | 001,512,824 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSecCDMABinaryUpgrade.exe
[2010.03.31 15:46:48 | 000,443,744 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSIMEditor.exe
[2010.03.31 15:45:42 | 000,226,656 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSMSSender.exe
[2010.03.31 15:47:12 | 001,021,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSStageSync.exe
[2010.03.31 15:46:24 | 001,422,712 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSymbianBinaryUpgrade.exe
[2010.03.31 15:48:46 | 000,357,728 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSTimeTable.exe
[2010.03.31 15:47:42 | 000,337,240 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSToDo.exe
[2010.03.31 15:46:56 | 000,755,040 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSToWeb2.exe
[2010.03.31 15:46:16 | 000,791,920 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVideoConverter.exe
[2010.03.31 15:45:02 | 000,673,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVideoPlayer.exe
[2010.03.31 15:48:40 | 000,271,712 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVoiceMemo.exe
[2010.03.31 15:45:20 | 000,210,264 | ---- | M] (PeeringPortal) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\npsvsvr.exe
[2010.03.31 15:49:14 | 000,128,368 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWidgetContainer.exe
[2010.03.31 15:46:52 | 001,324,384 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWizard.exe
[2010.03.31 15:47:16 | 002,393,456 | ---- | M] (SAMSUNG) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWMBinaryUpgrade.exe
[2010.03.31 15:49:50 | 000,718,184 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\resources\cgi-bin\cgi-jpegscale.exe
[2010.03.31 15:48:22 | 015,965,024 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.12.18 04:53:00 | 000,091,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\VshareComplete\KeepMeUpdated.exe
[2011.12.18 04:53:00 | 000,091,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

Regards,
SirInsanity

cosinus 09.07.2012 12:39

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

SirInsanity 09.07.2012 13:31

Here is the log file:

Code:

# AdwCleaner v1.701 - Logfile created 07/09/2012 at 14:28:39
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : xxxxx - *****
# Running from : C:\Users\xxxxx\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.1.0
Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\xxxxx\AppData\Local\AVG Secure Search
Folder Found : C:\Users\xxxxx\AppData\Local\Babylon
Folder Found : C:\Users\xxxxx\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\xxxxx\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\xxxxx\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\xxxxx\AppData\LocalLow\vShare
Folder Found : C:\Users\xxxxx\AppData\Roaming\Babylon
Folder Found : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@incredibar.com
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\StartSearch plugin
Folder Found : C:\Program Files (x86)\vShare
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\MyStart Search.xml
File Found : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\Startsear.xml
File Found : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\web-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\vShare
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\Ask&Record
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKCU\Software\vShare
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
[x64] Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b[...]
Found : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "563804FCD86F2A505A85AEB3ACC41181");
Found : user_pref("extensions.BabylonToolbar.lastActv", "24");
Found : user_pref("extensions.BabylonToolbar.lastDP", 24);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.219:50:16");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 60729627);
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.enabledAddons", "{dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21,ffxtlbr@incrediba[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341411822559");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "en");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "4289ac8d000000000000000000000000");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15503");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15503");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:36:43");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 79971821);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6OyEJK6Q4w");
Found : user_pref("extensions.incredibar.upn2n", "92261573370179576");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1417:36:43");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1417:36:43");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "4289ac8d000000000000000000000000");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15503");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyEJK6Q4w");
Found : user_pref("extensions.incredibar_i.upn2n", "92261573370179576");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:36:43");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%[...]
Found : user_pref("vshare.install.date", "1316268613");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.fresh", "false");
Found : user_pref("vshare.install.guid", "{5b4ac3ab-6220-4db3-a589-5fec51a4e75d}");
Found : user_pref("vshare.install.istoolbarhp", true);
Found : user_pref("vshare.install.istoolbarsearch", true);
Found : user_pref("vshare.install.newtab", false);
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://isearch.avg.com/[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://isearch.avg.[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Opera v12.0.1467.0

File : C:\Users\xxxxx\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27052 octets] - [09/07/2012 14:28:39]

########## EOF - C:\AdwCleaner[R1].txt - [27181 octets] ##########


cosinus 09.07.2012 13:37

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

SirInsanity 09.07.2012 13:55

Here is the log file.

Code:

# AdwCleaner v1.701 - Logfile created 07/09/2012 at 14:47:27
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : xxxxx - *****
# Running from : C:\Users\xxxxx\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.1.0
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\xxxxx\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\xxxxx\AppData\Local\Babylon
Folder Deleted : C:\Users\xxxxx\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\xxxxx\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\xxxxx\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\xxxxx\AppData\LocalLow\vShare
Folder Deleted : C:\Users\xxxxx\AppData\Roaming\Babylon
Folder Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\StartSearch plugin
Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\Startsear.xml
File Deleted : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\prefs.js

C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b[...]
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "563804FCD86F2A505A85AEB3ACC41181");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "24");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.219:50:16");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60729627);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.enabledAddons", "{dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21,ffxtlbr@incrediba[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341411822559");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "4289ac8d000000000000000000000000");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15503");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15503");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:36:43");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 79971821);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyEJK6Q4w");
Deleted : user_pref("extensions.incredibar.upn2n", "92261573370179576");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1417:36:43");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1417:36:43");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "4289ac8d000000000000000000000000");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15503");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEJK6Q4w&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyEJK6Q4w");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261573370179576");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:36:43");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Ba73a59e9-ec50-40ae-baa7-c71368b1dffb%[...]
Deleted : user_pref("vshare.install.date", "1316268613");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.fresh", "false");
Deleted : user_pref("vshare.install.guid", "{5b4ac3ab-6220-4db3-a589-5fec51a4e75d}");
Deleted : user_pref("vshare.install.istoolbarhp", true);
Deleted : user_pref("vshare.install.istoolbarsearch", true);
Deleted : user_pref("vshare.install.newtab", false);
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://isearch.avg.com/[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://isearch.avg.[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Opera v12.0.1467.0

File : C:\Users\xxxxx\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26995 octets] - [09/07/2012 14:28:39]
AdwCleaner[R2].txt - [27056 octets] - [09/07/2012 14:47:06]
AdwCleaner[S1].txt - [22069 octets] - [09/07/2012 14:47:27]

########## EOF - C:\AdwCleaner[S1].txt - [22198 octets] ##########


cosinus 09.07.2012 14:01

Right, hopefully all those stupid toolbars are gone now.

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


SirInsanity 09.07.2012 14:43

Here is the log file.

Code:

OTL logfile created on: 09.07.2012 15:27:55 - Run 4
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\xxxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 46,84% Memory free
8,00 Gb Paging File | 5,83 Gb Available in Paging File | 72,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 33,27 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 124,87 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
Drive E: | 672,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***** | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A4 E1 7D A2 DE CC 01  [binary data]
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}: "URL" = hxxp://www.slaago.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MruuIucd
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 13:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.09 14:47:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\xxxxx\AppData\Roaming\5038 [2011.11.04 18:17:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 14:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.09 14:47:32 | 000,000,000 | ---D | M]
 
[2011.03.05 17:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions
[2012.07.09 14:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions
[2012.01.29 19:03:26 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}
[2011.03.06 17:52:19 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ytkfj7wc.default\extensions\firefox@tvunetworks.com
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\searchplugins\google-search.xml
[2012.05.06 18:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.06 18:27:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.17 16:10:12 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\xxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YTKFJ7WC.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.06.24 14:15:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.29 19:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.24 14:15:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 14:15:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 14:15:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.16 21:37:23 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2012.06.24 14:15:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 14:15:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 14:15:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.01 05:17:06 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\xxxxx\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Facebook Update] C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Subscribe with RSSRadio - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61117D82-11E3-4CF7-A9E5-C8D4BBC29531}: NameServer = 62.109.123.6 213.191.92.87
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell\AutoRun\command - "" = F:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.ffds - ff_vfw.dll ()
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 09:13:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{20A1C76A-6355-4C6F-BFB7-21AEF72E1035}
[2012.07.08 21:12:50 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{347380FB-5F55-426C-8717-2BB679E101ED}
[2012.07.08 09:12:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{234D036E-A4BD-4610-942F-9F482C956B30}
[2012.07.07 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{09678609-E90F-4B53-ACB2-FD85F3A74911}
[2012.07.07 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3857F783-F9BC-435C-A0BF-8E2847DD7FB9}
[2012.07.06 23:53:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{4A31D475-2D67-40AD-9809-0FB74BA8833C}
[2012.07.06 23:53:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{33B21B0E-3939-4160-8EED-CC2E7EB7C002}
[2012.07.06 11:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.06 11:57:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.06 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{1CE05BD6-AEE5-411A-9FA2-134CAE6AE49D}
[2012.07.06 11:50:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{CCC07474-3BAA-4F62-BE7B-D84224645D81}
[2012.07.05 09:42:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{98519D34-786E-4514-B2C3-9C936FF1FDB8}
[2012.07.05 09:42:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5FC27973-2915-4CAA-88ED-BDB4DA731419}
[2012.07.04 09:19:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.04 06:38:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8D75044B-2497-4475-9C8A-3FC5D510BF66}
[2012.07.03 18:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E8CDD602-C095-403F-8BD2-96FA3B193F9A}
[2012.07.03 18:35:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{9265B5B4-B745-45EE-9EA9-42EDD08A384D}
[2012.07.03 01:33:16 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2012.07.03 01:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 01:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 01:33:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 01:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 01:05:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{16DD58BB-5ABC-4330-8F0A-B77548A6771B}
[2012.07.03 01:03:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3883CACF-7C10-4A6C-9C9F-CE67A4EBE671}
[2012.07.02 05:06:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2A745525-A4FA-42C9-9670-89334B4BE9BB}
[2012.07.01 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E6D00403-8DA8-45FD-A7E0-0494AE8BCFDF}
[2012.07.01 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5ECA69B1-95FF-426A-A233-5E97B62ABD52}
[2012.07.01 04:42:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BE4309AF-95E7-49FF-BABB-C741BECBA1C3}
[2012.07.01 04:40:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5D721F0B-6617-4932-AE08-F46C169B4F72}
[2012.06.30 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{B4C3E13A-012C-4946-BC1E-F589E8706D13}
[2012.06.30 03:56:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{988A0A30-96A1-4ED5-AA27-CA07580F518A}
[2012.06.30 03:56:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E06291BE-5EBC-4445-8E5A-F2C5FB6AD331}
[2012.06.29 15:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{F5D97B7C-FB8B-4F58-9465-3BEBF1C618F8}
[2012.06.29 03:55:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{609C89AA-BD87-4C2D-B6F1-7B99BDDD6F26}
[2012.06.29 03:55:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{41AD1B5E-3356-4502-BBBC-B6D1F91115D6}
[2012.06.28 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3C842CF4-D150-442C-A504-1A122CDAAA4D}
[2012.06.28 03:52:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A685F20C-A1DD-49BF-82FA-87A2B014F048}
[2012.06.28 03:52:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DD58E244-4C8A-4338-9489-F48051E2BFC3}
[2012.06.27 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7CBCF33A-5F13-4B0A-B395-29762969CA3D}
[2012.06.27 03:50:28 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C40C7990-8CEF-4F51-998E-C7EACBBCAF71}
[2012.06.26 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D92AA852-D1CC-4449-AAA0-5EB2CA29702D}
[2012.06.26 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{02BD5822-BC4C-495D-BA9A-E4797248AB30}
[2012.06.26 03:48:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7DAF9FE8-5837-4D5C-A28A-87E10F2EB2E7}
[2012.06.25 15:47:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3F6C6DC4-D865-4222-90B1-DCCAE2394719}
[2012.06.25 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{C7970780-ACC1-40DC-A1AA-A1B3C38C926C}
[2012.06.24 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.24 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.24 15:47:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A46BFF78-E3D2-4BA1-9FBC-DE28B0A92092}
[2012.06.24 03:46:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{A8FA4AE3-C0A5-461B-814A-E542181DEF89}
[2012.06.24 03:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{FC160A0E-B70A-4648-8461-4174D64C5346}
[2012.06.23 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{D5104F4B-8736-4052-9840-8137FB2AD3EE}
[2012.06.23 03:45:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0AFEB484-C5F3-46E7-898B-D435F8A8A84C}
[2012.06.23 03:43:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{33553DD8-7565-400A-9B52-9DEB3CA2B37C}
[2012.06.22 13:54:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{2C9E7A4F-3668-4399-97C4-6698428EFB1A}
[2012.06.22 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{82F5EB66-B38C-4DE6-8EC7-C3555A6E9EF3}
[2012.06.22 01:52:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3578BC71-AAF3-41E2-AF46-404F31B71CB0}
[2012.06.20 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{BB53EB6A-2CAF-4ADE-931B-537DA6D77BAF}
[2012.06.20 01:59:13 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6C27D919-FDC9-4A9C-A81D-5C64B19D7916}
[2012.06.20 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DB46EB4C-5EBF-4CF9-AC17-9F6471B5FF73}
[2012.06.19 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{415943B8-5CD3-4E2F-9443-C507F6C0DD03}
[2012.06.18 01:57:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{87A94341-B390-451F-91FF-D9EF22F0406E}
[2012.06.17 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{19D5E307-D70E-4C4A-A34D-56FA1C98DA4E}
[2012.06.16 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84EB282A-D568-467B-9268-BEC21B125317}
[2012.06.16 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{DA372BE6-F2F9-4F27-A907-A5342FA0E1D1}
[2012.06.15 03:36:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{24C98FD5-2E31-4DDE-92FF-2AEF81F3815F}
[2012.06.14 23:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.14 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.14 15:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7A80E386-7BBD-47CE-A3BC-D6ED7096A299}
[2012.06.14 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Macromedia
[2012.06.14 03:33:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{E052B738-780C-4DD8-9B44-A26EFB620684}
[2012.06.14 03:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{6463369B-C33B-4A60-A2CD-FC8644D2632A}
[2012.06.13 14:55:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{425E9A86-E13B-4FE3-AB0E-0994F3A609BD}
[2012.06.13 02:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{0A412164-D9CD-479C-B94B-9753A947A120}
[2012.06.13 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{84A67436-EEEF-4DCB-8166-FD786A7CC2A8}
[2012.06.12 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.06.12 12:20:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{4E38FF88-98B3-4E5F-90A5-238500B6305C}
[2012.06.12 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{3D232EBE-09DE-46EB-AFC9-E272859DAF2C}
[2012.06.12 00:19:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{EEDC41B3-AEF8-445B-A4DA-DC11E717EF08}
[2012.06.11 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{5047F25D-758B-470F-B3A1-849C06B03F41}
[2012.06.11 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{7503E00B-C43B-4B29-AD09-ADEBCEAB27EA}
[2012.06.11 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{8AD3C198-1B6F-461E-99BA-E5127899F803}
[2012.06.10 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{548B4821-19FB-4445-9CAE-0C45CA944B41}
[2012.06.10 12:16:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\{38614C7D-790B-44A0-8B4E-85CF62B640D3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 15:29:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 15:29:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 15:10:15 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.07.09 14:59:52 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:59:52 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:56:37 | 001,633,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.09 14:56:37 | 000,703,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.09 14:56:37 | 000,658,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.09 14:56:37 | 000,151,708 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.09 14:56:37 | 000,124,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.09 14:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 14:51:33 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.09 14:51:22 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.09 14:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 14:27:43 | 000,618,655 | ---- | M] () -- C:\Users\xxxxx\Desktop\adwcleaner.exe
[2012.07.08 23:40:56 | 000,001,894 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.08 21:10:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.06 11:57:03 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 16:25:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.04 09:19:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2012.07.03 01:33:08 | 000,001,122 | ---- | M] () -- C:\Users\xxxxx\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.20 18:40:51 | 000,300,266 | ---- | M] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.14 21:40:43 | 000,342,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 17:36:45 | 000,000,447 | ---- | M] () -- C:\user.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\xxxxx\AppData\Roaming\*.tmp files -> C:\Users\xxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 14:27:39 | 000,618,655 | ---- | C] () -- C:\Users\xxxxx\Desktop\adwcleaner.exe
[2012.07.08 23:40:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 23:40:56 | 000,001,894 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 01:33:08 | 000,001,122 | ---- | C] () -- C:\Users\xxxxx\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 01:08:06 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.20 18:40:49 | 000,300,266 | ---- | C] () -- C:\Users\xxxxx\Documents\ts3_clientui-win64-1334913258-2012-06-20 18_40_49.167670.dmp
[2012.06.12 17:36:44 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.03.08 12:22:35 | 000,351,378 | ---- | C] () -- C:\Users\xxxxx\IMG_02932.jpg
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.15 14:21:54 | 000,000,838 | ---- | C] () -- C:\Users\xxxxx\.recently-used.xbel
[2011.11.04 16:22:49 | 000,000,072 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\blckdom.res
[2011.07.13 22:06:56 | 001,210,411 | ---- | C] () -- C:\Users\xxxxx\IMG_1040.JPG
[2011.07.13 22:06:54 | 000,968,566 | ---- | C] () -- C:\Users\xxxxx\IMG_1039.JPG
[2011.07.13 22:06:31 | 001,122,157 | ---- | C] () -- C:\Users\xxxxx\IMG_0970.JPG
[2011.07.13 22:06:27 | 001,172,241 | ---- | C] () -- C:\Users\xxxxx\IMG_0969.JPG
[2011.07.13 22:06:24 | 000,985,082 | ---- | C] () -- C:\Users\xxxxx\IMG_0966.JPG
[2011.07.13 22:06:17 | 001,257,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0960.JPG
[2011.07.13 22:06:15 | 001,391,715 | ---- | C] () -- C:\Users\xxxxx\IMG_0959.JPG
[2011.07.13 22:06:10 | 000,896,078 | ---- | C] () -- C:\Users\xxxxx\IMG_0947.JPG
[2011.07.13 22:04:50 | 000,757,495 | ---- | C] () -- C:\Users\xxxxx\IMG_0661.JPG
[2011.07.13 22:03:10 | 000,884,066 | ---- | C] () -- C:\Users\xxxxx\IMG_0293.JPG
[2011.07.13 22:01:26 | 000,753,673 | ---- | C] () -- C:\Users\xxxxx\IMG_0022.JPG
[2011.03.05 17:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.01 23:00:03 | 001,068,568 | ---- | C] () -- C:\Users\xxxxx\Wettbewerb.rar
[2011.01.26 10:35:31 | 001,655,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.19 20:09:45 | 000,010,900 | ---- | C] () -- C:\Users\xxxxx\.heldEinstellungen4_1.xml
[2010.11.19 20:09:42 | 000,000,628 | ---- | C] () -- C:\Users\xxxxx\.dsa4.properties
[2010.11.19 20:09:29 | 007,134,331 | ---- | C] () -- C:\Users\xxxxx\helden.jar
[2010.01.17 13:49:59 | 000,056,320 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2010.01.19 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camersoft
[2012.04.15 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camfrog
[2010.01.16 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe_Limited
[2010.01.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.03 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\go
[2012.02.15 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2012.07.02 16:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.03.30 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LolClient
[2011.05.22 04:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.10.19 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin
[2012.06.12 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio
[2011.10.19 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio.local
[2010.04.17 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\runic games
[2010.06.04 03:29:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Samsung
[2010.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shark007
[2012.06.27 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TS3Client
[2012.05.04 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ts3overlay
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.02.01 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2012.01.29 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\VshareComplete
[2010.01.16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Win7codecs
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
[2012.07.08 21:10:03 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
[2012.07.09 15:10:15 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
[2012.03.27 10:12:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2010.05.24 16:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Adobe
[2010.01.19 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camersoft
[2012.04.15 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Camfrog
[2010.01.16 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe_Limited
[2010.01.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Lite
[2010.05.13 02:08:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DivX
[2012.07.04 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\dvdcss
[2011.07.03 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\go
[2012.02.15 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2012.07.02 16:39:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2010.01.16 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Identities
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.03.30 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LolClient
[2010.01.16 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Macromedia
[2012.07.03 01:33:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Media Center Programs
[2012.06.14 12:57:57 | 000,000,000 | --SD | M] -- C:\Users\xxxxx\AppData\Roaming\Microsoft
[2011.03.05 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Mozilla
[2010.01.19 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\NCH Software
[2012.03.17 23:18:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\NVIDIA
[2011.05.22 04:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.10.19 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin
[2010.06.14 20:50:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Real
[2012.06.12 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio
[2011.10.19 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\RSSRadio.local
[2010.04.17 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\runic games
[2010.06.04 03:29:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Samsung
[2010.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shark007
[2012.07.08 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Skype
[2011.05.29 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\skypePM
[2011.03.05 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Sony Corporation
[2012.06.27 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TS3Client
[2012.05.04 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ts3overlay
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.02.01 02:20:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2012.07.08 23:54:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\vlc
[2012.01.29 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\VshareComplete
[2010.01.16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Win7codecs
[2010.04.25 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\WinRAR
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
[2010.02.25 00:51:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.01.24 01:23:33 | 000,010,134 | R--- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2012.03.16 23:41:51 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
[2010.03.31 15:49:46 | 000,341,344 | ---- | M] (Teruten Inc) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsAdmin64.exe
[2010.03.31 15:45:32 | 000,025,960 | ---- | M] (Teruten Inc) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsExService64.exe
[2010.03.31 15:47:20 | 000,214,368 | ---- | M] (Teruten) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsUsbExAdmin.exe
[2010.03.31 15:45:40 | 000,222,568 | ---- | M] (Teruten) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\FsUsbExService.exe
[2010.03.31 15:48:58 | 002,385,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NewPCStudio.exe
[2010.03.31 15:46:06 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAgent.exe
[2010.03.31 15:45:50 | 000,128,344 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAlarm.exe
[2010.03.31 15:49:18 | 001,414,528 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAndroidCDMABinaryUpgrade.exe
[2010.03.31 15:46:14 | 001,516,928 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSAndroidGSMBinaryUpgrade.exe
[2010.03.31 15:45:12 | 000,210,264 | ---- | M] (PeeringPortal) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\npsasvr.exe
[2010.03.31 15:45:10 | 001,422,704 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSATNTBinaryUpgrade.exe
[2010.03.31 15:48:32 | 000,234,864 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSBackupAndRestore.exe
[2010.03.31 15:46:32 | 001,635,688 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSBinaryUpgrade.exe
[2010.03.31 15:49:26 | 000,750,944 | ---- | M] (Samsung Electronics Co., Ltd) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCDBurner.exe
[2010.03.31 15:49:40 | 000,886,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCDRipper.exe
[2010.03.31 15:45:38 | 002,073,976 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSChecker_BinaryUpgrade.exe
[2010.03.31 15:49:24 | 001,914,232 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSChecker_LiveUpgrade.exe
[2010.03.31 15:45:52 | 000,165,208 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCM.exe
[2010.03.31 15:46:26 | 000,079,208 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSConnection.exe
[2010.03.31 15:47:22 | 000,451,928 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSCW.exe
[2010.03.31 15:47:36 | 000,622,944 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDataHouse.exe
[2010.03.31 15:46:54 | 000,271,704 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDDay.exe
[2010.03.31 15:49:08 | 000,193,880 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDENG.exe
[2010.03.31 15:48:36 | 002,532,704 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDexplorer.exe
[2010.03.31 15:49:04 | 000,558,424 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDM.exe
[2010.03.31 15:47:14 | 000,947,552 | ---- | M] (Samsung Electronics Co., Ltd) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDMPPlayer.exe
[2010.03.31 15:49:44 | 001,467,736 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSDump.exe
[2010.03.31 15:46:30 | 000,169,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSEmailSync.exe
[2010.03.31 15:49:32 | 001,615,216 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSEmpBinaryUpgrade.exe
[2010.03.31 15:46:38 | 002,295,128 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSFull.exe
[2010.03.31 15:45:30 | 000,071,000 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSGuide.exe
[2010.03.31 15:49:12 | 000,091,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSGuide2.exe
[2010.03.31 15:49:02 | 001,455,472 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSIFXBinaryUpgrade.exe
[2010.03.31 15:49:38 | 000,300,392 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSImageViewer.exe
[2010.03.31 15:47:24 | 000,177,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSInstApp.exe
[2010.03.31 15:45:56 | 000,288,112 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSInternetConnector.exe
[2010.03.31 15:48:56 | 001,447,288 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSLimoGSMBinaryUpgrade.exe
[2010.03.31 15:49:28 | 006,313,320 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMediaManager.exe
[2010.03.31 15:47:08 | 000,238,936 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMemo.exe
[2010.03.31 15:48:54 | 000,660,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMessageManager.exe
[2010.03.31 15:47:06 | 001,426,800 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMitsBinaryUpgrade.exe
[2010.03.31 15:46:46 | 000,877,920 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMMSSender.exe
[2010.03.31 15:49:20 | 000,546,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMTPExplorer.exe
[2010.03.31 15:46:36 | 001,193,320 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMusicPlayer.exe
[2010.03.31 15:48:48 | 000,652,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMyDiary.exe
[2010.03.31 15:49:10 | 000,611,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSMyExplorer.exe
[2010.03.31 15:46:40 | 001,430,904 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNLCDMABinaryUpgrade.exe
[2010.03.31 15:46:44 | 001,402,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNLKRBinaryUpgrade.exe
[2010.03.31 15:44:58 | 002,479,464 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNotifyClient.exe
[2010.03.31 15:46:02 | 001,516,912 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSNXPBinaryUpgrade.exe
[2010.03.31 15:47:02 | 001,021,288 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSPhonebook2.exe
[2010.03.31 15:47:00 | 000,099,688 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSPwRecovery.exe
[2010.03.31 15:48:42 | 002,028,920 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSQualcommBinaryUpgrade.exe
[2010.03.31 15:47:28 | 000,660,832 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSScheduler.exe
[2010.03.31 15:46:10 | 001,512,824 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSecCDMABinaryUpgrade.exe
[2010.03.31 15:46:48 | 000,443,744 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSIMEditor.exe
[2010.03.31 15:45:42 | 000,226,656 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSMSSender.exe
[2010.03.31 15:47:12 | 001,021,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSStageSync.exe
[2010.03.31 15:46:24 | 001,422,712 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSSymbianBinaryUpgrade.exe
[2010.03.31 15:48:46 | 000,357,728 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSTimeTable.exe
[2010.03.31 15:47:42 | 000,337,240 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSToDo.exe
[2010.03.31 15:46:56 | 000,755,040 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSToWeb2.exe
[2010.03.31 15:46:16 | 000,791,920 | ---- | M] (TODO: <Company name>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVideoConverter.exe
[2010.03.31 15:45:02 | 000,673,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVideoPlayer.exe
[2010.03.31 15:48:40 | 000,271,712 | ---- | M] (TODO: <회사 이름>) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSVoiceMemo.exe
[2010.03.31 15:45:20 | 000,210,264 | ---- | M] (PeeringPortal) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\npsvsvr.exe
[2010.03.31 15:49:14 | 000,128,368 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWidgetContainer.exe
[2010.03.31 15:46:52 | 001,324,384 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWizard.exe
[2010.03.31 15:47:16 | 002,393,456 | ---- | M] (SAMSUNG) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\NPSWMBinaryUpgrade.exe
[2010.03.31 15:49:50 | 000,718,184 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\resources\cgi-bin\cgi-jpegscale.exe
[2010.03.31 15:48:22 | 015,965,024 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\xxxxx\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.12.18 04:53:00 | 000,091,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\VshareComplete\KeepMeUpdated.exe
[2011.12.18 04:53:00 | 000,091,128 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
<          >

< End of report >


cosinus 09.07.2012 14:55

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
MOD - C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe ()
IE - HKLM\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}: "URL" = http://www.slaago.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MruuIucd
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell\AutoRun\command - "" = F:\Installer.exe
[2012.07.04 16:25:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.09 15:29:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 23:40:56 | 000,001,894 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 17:36:44 | 000,000,447 | ---- | C] () -- C:\user.js
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
:Files
C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

SirInsanity 09.07.2012 15:11

Hello,
thank you very much already for the toolbars,
here is the log file
Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1592EB48-0ADE-43C5-A327-5A010716C394}\ not found.
Registry key HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
File F:\Installer.exe not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\user.js moved successfully.
C:\Users\xxxxx\AppData\Roaming\5037\components folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5037 folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5038\components folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5038 folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\kock folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\UAs folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: xxxxx
->Temp folder emptied: 14387953336 bytes
->Temporary Internet Files folder emptied: 5928930904 bytes
->Java cache emptied: 76531374 bytes
->FireFox cache emptied: 891057949 bytes
->Opera cache emptied: 20632681 bytes
->Flash cache emptied: 224701 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: UpdatusUser.*****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 408636811 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 734 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 20.709,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: xxxxx
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
User: UpdatusUser.*****
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07092012_160327

Files\Folders moved on Reboot...
C:\Users\xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...
File C:\Users\xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

Registry entries deleted on Reboot...


cosinus 09.07.2012 15:21

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

SirInsanity 09.07.2012 15:56

TDSS-Killer log file

Code:

16:50:49.0486 2656        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
16:50:49.0834 2656        ============================================================
16:50:49.0834 2656        Current date / time: 2012/07/09 16:50:49.0834
16:50:49.0834 2656        SystemInfo:
16:50:49.0834 2656       
16:50:49.0834 2656        OS Version: 6.1.7601 ServicePack: 1.0
16:50:49.0834 2656        Product type: Workstation
16:50:49.0834 2656        ComputerName: *****
16:50:49.0836 2656        UserName: xxxxx
16:50:49.0836 2656        Windows directory: C:\Windows
16:50:49.0836 2656        System windows directory: C:\Windows
16:50:49.0836 2656        Running under WOW64
16:50:49.0836 2656        Processor architecture: Intel x64
16:50:49.0836 2656        Number of processors: 2
16:50:49.0836 2656        Page size: 0x1000
16:50:49.0836 2656        Boot type: Normal boot
16:50:49.0836 2656        ============================================================
16:50:50.0354 2656        Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:50:50.0391 2656        Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:50:50.0396 2656        ============================================================
16:50:50.0396 2656        \Device\Harddisk0\DR0:
16:50:50.0396 2656        MBR partitions:
16:50:50.0396 2656        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:50.0396 2656        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
16:50:50.0396 2656        \Device\Harddisk1\DR1:
16:50:50.0396 2656        MBR partitions:
16:50:50.0396 2656        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
16:50:50.0396 2656        ============================================================
16:50:50.0396 2656        C: <-> \Device\Harddisk0\DR0\Partition1
16:50:50.0426 2656        D: <-> \Device\Harddisk1\DR1\Partition0
16:50:50.0426 2656        ============================================================
16:50:50.0426 2656        Initialize success
16:50:50.0426 2656        ============================================================
16:51:23.0514 40324        ============================================================
16:51:23.0514 40324        Scan started
16:51:23.0514 40324        Mode: Manual; SigCheck; TDLFS;
16:51:23.0514 40324        ============================================================
16:51:24.0084 40324        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:51:24.0187 40324        1394ohci - ok
16:51:24.0192 40324        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
16:51:24.0234 40324        acedrv11 - ok
16:51:24.0249 40324        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:51:24.0264 40324        ACPI - ok
16:51:24.0269 40324        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:51:24.0309 40324        AcpiPmi - ok
16:51:24.0342 40324        AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:51:24.0352 40324        AdobeFlashPlayerUpdateSvc - ok
16:51:24.0372 40324        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:51:24.0402 40324        adp94xx - ok
16:51:24.0419 40324        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:51:24.0437 40324        adpahci - ok
16:51:24.0447 40324        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:51:24.0459 40324        adpu320 - ok
16:51:24.0464 40324        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:51:24.0569 40324        AeLookupSvc - ok
16:51:24.0592 40324        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:51:24.0619 40324        AFD - ok
16:51:24.0624 40324        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:51:24.0634 40324        agp440 - ok
16:51:24.0639 40324        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:51:24.0652 40324        ALG - ok
16:51:24.0662 40324        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:51:24.0672 40324        aliide - ok
16:51:24.0677 40324        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:51:24.0679 40324        amdide - ok
16:51:24.0692 40324        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:51:24.0707 40324        AmdK8 - ok
16:51:24.0712 40324        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:51:24.0744 40324        AmdPPM - ok
16:51:24.0752 40324        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:51:24.0762 40324        amdsata - ok
16:51:24.0772 40324        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:51:24.0784 40324        amdsbs - ok
16:51:24.0787 40324        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:51:24.0797 40324        amdxata - ok
16:51:24.0802 40324        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:51:24.0892 40324        AppID - ok
16:51:24.0894 40324        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:51:24.0939 40324        AppIDSvc - ok
16:51:24.0939 40324        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:51:24.0984 40324        Appinfo - ok
16:51:24.0994 40324        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:51:25.0014 40324        AppMgmt - ok
16:51:25.0022 40324        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:51:25.0032 40324        arc - ok
16:51:25.0037 40324        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:51:25.0047 40324        arcsas - ok
16:51:25.0062 40324        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:51:25.0074 40324        aspnet_state - ok
16:51:25.0077 40324        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:25.0117 40324        AsyncMac - ok
16:51:25.0119 40324        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:51:25.0129 40324        atapi - ok
16:51:25.0142 40324        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
16:51:25.0157 40324        atksgt - ok
16:51:25.0184 40324        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:51:25.0227 40324        AudioEndpointBuilder - ok
16:51:25.0232 40324        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:51:25.0289 40324        AudioSrv - ok
16:51:25.0299 40324        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:51:25.0329 40324        AxInstSV - ok
16:51:25.0349 40324        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:51:25.0382 40324        b06bdrv - ok
16:51:25.0387 40324        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:51:25.0412 40324        b57nd60a - ok
16:51:25.0419 40324        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:51:25.0454 40324        BDESVC - ok
16:51:25.0457 40324        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:51:25.0502 40324        Beep - ok
16:51:25.0537 40324        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:51:25.0579 40324        BFE - ok
16:51:25.0614 40324        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:51:25.0669 40324        BITS - ok
16:51:25.0677 40324        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:51:25.0699 40324        blbdrive - ok
16:51:25.0704 40324        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:51:25.0724 40324        bowser - ok
16:51:25.0732 40324        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:51:25.0744 40324        BrFiltLo - ok
16:51:25.0747 40324        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:51:25.0769 40324        BrFiltUp - ok
16:51:25.0779 40324        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:51:25.0814 40324        Browser - ok
16:51:25.0827 40324        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:51:25.0849 40324        Brserid - ok
16:51:25.0854 40324        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:51:25.0864 40324        BrSerWdm - ok
16:51:25.0864 40324        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:25.0899 40324        BrUsbMdm - ok
16:51:25.0904 40324        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:25.0914 40324        BrUsbSer - ok
16:51:25.0919 40324        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:51:25.0937 40324        BTHMODEM - ok
16:51:25.0947 40324        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:51:25.0997 40324        bthserv - ok
16:51:26.0002 40324        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:26.0037 40324        cdfs - ok
16:51:26.0045 40324        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:51:26.0067 40324        cdrom - ok
16:51:26.0072 40324        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:51:26.0112 40324        CertPropSvc - ok
16:51:26.0117 40324        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:51:26.0127 40324        circlass - ok
16:51:26.0145 40324        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:51:26.0162 40324        CLFS - ok
16:51:26.0170 40324        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:26.0182 40324        clr_optimization_v2.0.50727_32 - ok
16:51:26.0187 40324        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:51:26.0200 40324        clr_optimization_v2.0.50727_64 - ok
16:51:26.0212 40324        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:26.0225 40324        clr_optimization_v4.0.30319_32 - ok
16:51:26.0237 40324        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:51:26.0250 40324        clr_optimization_v4.0.30319_64 - ok
16:51:26.0252 40324        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:51:26.0265 40324        CmBatt - ok
16:51:26.0265 40324        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:51:26.0277 40324        cmdide - ok
16:51:26.0295 40324        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:51:26.0320 40324        CNG - ok
16:51:26.0320 40324        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:51:26.0330 40324        Compbatt - ok
16:51:26.0330 40324        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:51:26.0370 40324        CompositeBus - ok
16:51:26.0372 40324        COMSysApp - ok
16:51:26.0375 40324        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:26.0385 40324        crcdisk - ok
16:51:26.0397 40324        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:51:26.0430 40324        CryptSvc - ok
16:51:26.0450 40324        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:51:26.0480 40324        CSC - ok
16:51:26.0505 40324        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:51:26.0532 40324        CscService - ok
16:51:26.0555 40324        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:51:26.0595 40324        DcomLaunch - ok
16:51:26.0600 40324        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:51:26.0660 40324        defragsvc - ok
16:51:26.0670 40324        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:51:26.0697 40324        DfsC - ok
16:51:26.0705 40324        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:51:26.0752 40324        Dhcp - ok
16:51:26.0755 40324        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:51:26.0800 40324        discache - ok
16:51:26.0805 40324        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:51:26.0815 40324        Disk - ok
16:51:26.0825 40324        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:51:26.0845 40324        Dnscache - ok
16:51:26.0855 40324        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:51:26.0910 40324        dot3svc - ok
16:51:26.0917 40324        dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:51:26.0932 40324        dot4 - ok
16:51:26.0935 40324        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:51:26.0965 40324        Dot4Print - ok
16:51:26.0967 40324        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:51:26.0995 40324        dot4usb - ok
16:51:27.0002 40324        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:51:27.0037 40324        DPS - ok
16:51:27.0040 40324        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:51:27.0057 40324        drmkaud - ok
16:51:27.0095 40324        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:27.0137 40324        DXGKrnl - ok
16:51:27.0145 40324        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:51:27.0175 40324        EapHost - ok
16:51:27.0295 40324        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:51:27.0395 40324        ebdrv - ok
16:51:27.0422 40324        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:51:27.0447 40324        EFS - ok
16:51:27.0475 40324        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:51:27.0507 40324        ehRecvr - ok
16:51:27.0515 40324        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:51:27.0535 40324        ehSched - ok
16:51:27.0815 40324        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:51:27.0835 40324        elxstor - ok
16:51:27.0840 40324        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:51:27.0857 40324        ErrDev - ok
16:51:27.0880 40324        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:51:27.0937 40324        EventSystem - ok
16:51:27.0947 40324        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:51:27.0987 40324        exfat - ok
16:51:27.0992 40324        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:51:28.0045 40324        fastfat - ok
16:51:28.0072 40324        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:51:28.0092 40324        Fax - ok
16:51:28.0105 40324        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:51:28.0117 40324        fdc - ok
16:51:28.0122 40324        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:51:28.0152 40324        fdPHost - ok
16:51:28.0157 40324        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:51:28.0190 40324        FDResPub - ok
16:51:28.0195 40324        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:51:28.0205 40324        FileInfo - ok
16:51:28.0207 40324        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:51:28.0260 40324        Filetrace - ok
16:51:28.0262 40324        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:28.0275 40324        flpydisk - ok
16:51:28.0287 40324        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:51:28.0305 40324        FltMgr - ok
16:51:28.0345 40324        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:51:28.0372 40324        FontCache - ok
16:51:28.0382 40324        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:51:28.0390 40324        FontCache3.0.0.0 - ok
16:51:28.0397 40324        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:51:28.0407 40324        FsDepends - ok
16:51:28.0412 40324        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:28.0415 40324        Fs_Rec - ok
16:51:28.0425 40324        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:51:28.0447 40324        fvevol - ok
16:51:28.0452 40324        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:28.0462 40324        gagp30kx - ok
16:51:28.0465 40324        Gizmo Central - ok
16:51:28.0470 40324        GizmoDrv        (ee8829b623542d8adc4dba65a1133741) C:\Windows\system32\drivers\GizmoDrv.sys
16:51:28.0470 40324        GizmoDrv - ok
16:51:28.0507 40324        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:51:28.0552 40324        gpsvc - ok
16:51:28.0555 40324        gupdate - ok
16:51:28.0560 40324        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:51:28.0580 40324        hcw85cir - ok
16:51:28.0595 40324        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:51:28.0617 40324        HdAudAddService - ok
16:51:28.0625 40324        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:51:28.0647 40324        HDAudBus - ok
16:51:28.0650 40324        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:28.0667 40324        HidBatt - ok
16:51:28.0672 40324        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:51:28.0687 40324        HidBth - ok
16:51:28.0690 40324        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:51:28.0717 40324        HidIr - ok
16:51:28.0722 40324        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:51:28.0760 40324        hidserv - ok
16:51:28.0762 40324        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:51:28.0782 40324        HidUsb - ok
16:51:28.0790 40324        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:51:28.0830 40324        hkmsvc - ok
16:51:28.0835 40324        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:51:28.0855 40324        HomeGroupListener - ok
16:51:28.0865 40324        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:51:28.0877 40324        HomeGroupProvider - ok
16:51:28.0882 40324        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:51:28.0895 40324        HpSAMD - ok
16:51:28.0922 40324        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:51:28.0975 40324        HTTP - ok
16:51:28.0980 40324        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:51:28.0987 40324        hwpolicy - ok
16:51:28.0995 40324        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:51:29.0007 40324        i8042prt - ok
16:51:29.0025 40324        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:51:29.0045 40324        iaStorV - ok
16:51:29.0080 40324        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:51:29.0107 40324        idsvc - ok
16:51:29.0112 40324        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:51:29.0122 40324        iirsp - ok
16:51:29.0155 40324        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:51:29.0200 40324        IKEEXT - ok
16:51:29.0205 40324        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:51:29.0205 40324        intelide - ok
16:51:29.0217 40324        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:29.0230 40324        intelppm - ok
16:51:29.0237 40324        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:51:29.0290 40324        IPBusEnum - ok
16:51:29.0292 40324        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:29.0340 40324        IpFilterDriver - ok
16:51:29.0362 40324        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:51:29.0400 40324        iphlpsvc - ok
16:51:29.0405 40324        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:51:29.0417 40324        IPMIDRV - ok
16:51:29.0422 40324        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:51:29.0485 40324        IPNAT - ok
16:51:29.0487 40324        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:51:29.0505 40324        IRENUM - ok
16:51:29.0510 40324        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:51:29.0517 40324        isapnp - ok
16:51:29.0530 40324        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:51:29.0545 40324        iScsiPrt - ok
16:51:29.0550 40324        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:51:29.0560 40324        kbdclass - ok
16:51:29.0565 40324        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:51:29.0582 40324        kbdhid - ok
16:51:29.0587 40324        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:29.0615 40324        KeyIso - ok
16:51:29.0617 40324        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:51:29.0632 40324        KSecDD - ok
16:51:29.0640 40324        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:51:29.0642 40324        KSecPkg - ok
16:51:29.0655 40324        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:51:29.0710 40324        ksthunk - ok
16:51:29.0725 40324        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:51:29.0762 40324        KtmRm - ok
16:51:29.0775 40324        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:51:29.0820 40324        LanmanServer - ok
16:51:29.0825 40324        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:51:29.0885 40324        LanmanWorkstation - ok
16:51:29.0895 40324        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
16:51:29.0915 40324        lirsgt - ok
16:51:29.0917 40324        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:29.0947 40324        lltdio - ok
16:51:29.0962 40324        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:51:30.0000 40324        lltdsvc - ok
16:51:30.0002 40324        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:51:30.0050 40324        lmhosts - ok
16:51:30.0067 40324        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:30.0080 40324        LSI_FC - ok
16:51:30.0087 40324        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:30.0097 40324        LSI_SAS - ok
16:51:30.0102 40324        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:30.0107 40324        LSI_SAS2 - ok
16:51:30.0117 40324        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:30.0130 40324        LSI_SCSI - ok
16:51:30.0137 40324        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:51:30.0167 40324        luafv - ok
16:51:30.0172 40324        lvpepf64        (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
16:51:30.0185 40324        lvpepf64 - ok
16:51:30.0215 40324        LVRS64          (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
16:51:30.0250 40324        LVRS64 - ok
16:51:30.0255 40324        LVUSBS64        (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
16:51:30.0255 40324        LVUSBS64 - ok
16:51:30.0267 40324        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:51:30.0275 40324        MBAMProtector - ok
16:51:30.0305 40324        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:51:30.0325 40324        MBAMService - ok
16:51:30.0332 40324        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:51:30.0347 40324        Mcx2Svc - ok
16:51:30.0352 40324        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:51:30.0355 40324        megasas - ok
16:51:30.0375 40324        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:30.0392 40324        MegaSR - ok
16:51:30.0397 40324        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:51:30.0427 40324        MMCSS - ok
16:51:30.0432 40324        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:51:30.0472 40324        Modem - ok
16:51:30.0475 40324        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:51:30.0485 40324        monitor - ok
16:51:30.0495 40324        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:51:30.0505 40324        mouclass - ok
16:51:30.0507 40324        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:30.0530 40324        mouhid - ok
16:51:30.0537 40324        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:51:30.0547 40324        mountmgr - ok
16:51:30.0555 40324        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:51:30.0565 40324        MozillaMaintenance - ok
16:51:30.0570 40324        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:51:30.0590 40324        MpFilter - ok
16:51:30.0597 40324        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:51:30.0607 40324        mpio - ok
16:51:30.0615 40324        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:51:30.0660 40324        mpsdrv - ok
16:51:30.0690 40324        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:51:30.0732 40324        MpsSvc - ok
16:51:30.0740 40324        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:51:30.0762 40324        MRxDAV - ok
16:51:30.0770 40324        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:30.0785 40324        mrxsmb - ok
16:51:30.0797 40324        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:30.0815 40324        mrxsmb10 - ok
16:51:30.0832 40324        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:30.0845 40324        mrxsmb20 - ok
16:51:30.0847 40324        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:51:30.0857 40324        msahci - ok
16:51:30.0865 40324        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:51:30.0875 40324        msdsm - ok
16:51:30.0885 40324        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:51:30.0900 40324        MSDTC - ok
16:51:30.0905 40324        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:51:30.0950 40324        Msfs - ok
16:51:30.0952 40324        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:51:30.0990 40324        mshidkmdf - ok
16:51:30.0995 40324        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:51:31.0000 40324        msisadrv - ok
16:51:31.0010 40324        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:51:31.0057 40324        MSiSCSI - ok
16:51:31.0062 40324        msiserver - ok
16:51:31.0067 40324        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:31.0120 40324        MSKSSRV - ok
16:51:31.0122 40324        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:51:31.0132 40324        MsMpSvc - ok
16:51:31.0135 40324        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:31.0192 40324        MSPCLOCK - ok
16:51:31.0202 40324        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:51:31.0230 40324        MSPQM - ok
16:51:31.0247 40324        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:51:31.0262 40324        MsRPC - ok
16:51:31.0270 40324        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:51:31.0272 40324        mssmbios - ok
16:51:31.0282 40324        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:51:31.0337 40324        MSTEE - ok
16:51:31.0342 40324        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:31.0357 40324        MTConfig - ok
16:51:31.0362 40324        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:51:31.0372 40324        Mup - ok
16:51:31.0392 40324        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:51:31.0437 40324        napagent - ok
16:51:31.0455 40324        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:31.0475 40324        NativeWifiP - ok
16:51:31.0512 40324        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:51:31.0545 40324        NDIS - ok
16:51:31.0552 40324        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:31.0592 40324        NdisCap - ok
16:51:31.0597 40324        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:31.0637 40324        NdisTapi - ok
16:51:31.0642 40324        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:31.0680 40324        Ndisuio - ok
16:51:31.0690 40324        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:31.0737 40324        NdisWan - ok
16:51:31.0742 40324        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:51:31.0777 40324        NDProxy - ok
16:51:31.0782 40324        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:51:31.0825 40324        NetBIOS - ok
16:51:31.0832 40324        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:51:31.0887 40324        NetBT - ok
16:51:31.0890 40324        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:31.0905 40324        Netlogon - ok
16:51:31.0920 40324        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:51:31.0955 40324        Netman - ok
16:51:31.0967 40324        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:31.0977 40324        NetMsmqActivator - ok
16:51:31.0980 40324        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:31.0987 40324        NetPipeActivator - ok
16:51:32.0007 40324        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:51:32.0067 40324        netprofm - ok
16:51:32.0072 40324        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:32.0080 40324        NetTcpActivator - ok
16:51:32.0082 40324        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:32.0085 40324        NetTcpPortSharing - ok
16:51:32.0095 40324        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:32.0110 40324        nfrd960 - ok
16:51:32.0117 40324        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:51:32.0125 40324        NisDrv - ok
16:51:32.0140 40324        NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:51:32.0155 40324        NisSrv - ok
16:51:32.0170 40324        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:51:32.0210 40324        NlaSvc - ok
16:51:32.0220 40324        NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
16:51:32.0230 40324        NMSAccessU - ok
16:51:32.0232 40324        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:51:32.0260 40324        Npfs - ok
16:51:32.0265 40324        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:51:32.0315 40324        nsi - ok
16:51:32.0320 40324        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:51:32.0360 40324        nsiproxy - ok
16:51:32.0422 40324        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:51:32.0467 40324        Ntfs - ok
16:51:32.0497 40324        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:51:32.0525 40324        Null - ok
16:51:33.0012 40324        nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:33.0350 40324        nvlddmkm - ok
16:51:33.0385 40324        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:51:33.0395 40324        nvraid - ok
16:51:33.0402 40324        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:51:33.0417 40324        nvstor - ok
16:51:33.0452 40324        nvsvc          (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
16:51:33.0490 40324        nvsvc - ok
16:51:33.0577 40324        nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:51:33.0630 40324        nvUpdatusService - ok
16:51:33.0665 40324        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:51:33.0675 40324        nv_agp - ok
16:51:33.0695 40324        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:51:33.0712 40324        odserv - ok
16:51:33.0717 40324        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:51:33.0740 40324        ohci1394 - ok
16:51:33.0747 40324        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:51:33.0757 40324        ose - ok
16:51:33.0772 40324        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:51:33.0790 40324        p2pimsvc - ok
16:51:33.0810 40324        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:51:33.0840 40324        p2psvc - ok
16:51:33.0847 40324        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:51:33.0867 40324        Parport - ok
16:51:33.0872 40324        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:51:33.0882 40324        partmgr - ok
16:51:33.0892 40324        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:51:33.0910 40324        PcaSvc - ok
16:51:33.0920 40324        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:51:33.0930 40324        pci - ok
16:51:33.0935 40324        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:51:33.0937 40324        pciide - ok
16:51:33.0947 40324        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:33.0957 40324        pcmcia - ok
16:51:33.0970 40324        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:51:33.0980 40324        pcw - ok
16:51:34.0005 40324        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:51:34.0052 40324        PEAUTH - ok
16:51:34.0105 40324        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:51:34.0140 40324        PeerDistSvc - ok
16:51:34.0170 40324        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:51:34.0182 40324        PerfHost - ok
16:51:34.0307 40324        PID_PEPI        (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
16:51:34.0380 40324        PID_PEPI - ok
16:51:34.0455 40324        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:51:34.0512 40324        pla - ok
16:51:34.0530 40324        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:51:34.0550 40324        PlugPlay - ok
16:51:34.0557 40324        Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
16:51:34.0567 40324        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:51:34.0567 40324        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:51:34.0572 40324        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:51:34.0587 40324        PNRPAutoReg - ok
16:51:34.0602 40324        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:51:34.0625 40324        PNRPsvc - ok
16:51:34.0645 40324        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:51:34.0687 40324        PolicyAgent - ok
16:51:34.0697 40324        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:51:34.0737 40324        Power - ok
16:51:34.0750 40324        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:34.0787 40324        PptpMiniport - ok
16:51:34.0792 40324        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:51:34.0802 40324        Processor - ok
16:51:34.0807 40324        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:51:34.0827 40324        ProfSvc - ok
16:51:34.0830 40324        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:34.0847 40324        ProtectedStorage - ok
16:51:34.0855 40324        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:51:34.0897 40324        Psched - ok
16:51:34.0955 40324        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:51:35.0002 40324        ql2300 - ok
16:51:35.0045 40324        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:35.0057 40324        ql40xx - ok
16:51:35.0067 40324        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:51:35.0090 40324        QWAVE - ok
16:51:35.0095 40324        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:51:35.0110 40324        QWAVEdrv - ok
16:51:35.0112 40324        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:35.0160 40324        RasAcd - ok
16:51:35.0162 40324        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:35.0197 40324        RasAgileVpn - ok
16:51:35.0205 40324        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:51:35.0235 40324        RasAuto - ok
16:51:35.0237 40324        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:35.0270 40324        Rasl2tp - ok
16:51:35.0285 40324        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:51:35.0342 40324        RasMan - ok
16:51:35.0347 40324        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:35.0382 40324        RasPppoe - ok
16:51:35.0387 40324        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:35.0417 40324        RasSstp - ok
16:51:35.0432 40324        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:35.0505 40324        rdbss - ok
16:51:35.0512 40324        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:35.0537 40324        rdpbus - ok
16:51:35.0540 40324        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:35.0570 40324        RDPCDD - ok
16:51:35.0580 40324        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:51:35.0605 40324        RDPDR - ok
16:51:35.0607 40324        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:51:35.0652 40324        RDPENCDD - ok
16:51:35.0657 40324        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:51:35.0690 40324        RDPREFMP - ok
16:51:35.0697 40324        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:51:35.0727 40324        RdpVideoMiniport - ok
16:51:35.0737 40324        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:51:35.0750 40324        RDPWD - ok
16:51:35.0760 40324        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:51:35.0772 40324        rdyboost - ok
16:51:35.0780 40324        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:51:35.0820 40324        RemoteAccess - ok
16:51:35.0835 40324        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:51:35.0862 40324        RemoteRegistry - ok
16:51:35.0872 40324        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:51:35.0915 40324        RpcEptMapper - ok
16:51:35.0920 40324        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:51:35.0935 40324        RpcLocator - ok
16:51:35.0957 40324        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:51:36.0000 40324        RpcSs - ok
16:51:36.0010 40324        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:36.0042 40324        rspndr - ok
16:51:36.0050 40324        RTL8167        (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:51:36.0072 40324        RTL8167 - ok
16:51:36.0075 40324        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:51:36.0087 40324        s3cap - ok
16:51:36.0087 40324        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:36.0110 40324        SamSs - ok
16:51:36.0117 40324        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:51:36.0127 40324        sbp2port - ok
16:51:36.0137 40324        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:51:36.0192 40324        SCardSvr - ok
16:51:36.0202 40324        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:51:36.0230 40324        scfilter - ok
16:51:36.0270 40324        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:51:36.0320 40324        Schedule - ok
16:51:36.0327 40324        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:51:36.0377 40324        SCPolicySvc - ok
16:51:36.0387 40324        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:51:36.0402 40324        SDRSVC - ok
16:51:36.0410 40324        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:51:36.0447 40324        secdrv - ok
16:51:36.0452 40324        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:51:36.0485 40324        seclogon - ok
16:51:36.0487 40324        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:51:36.0537 40324        SENS - ok
16:51:36.0542 40324        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:51:36.0555 40324        SensrSvc - ok
16:51:36.0557 40324        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:51:36.0587 40324        Serenum - ok
16:51:36.0592 40324        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:51:36.0610 40324        Serial - ok
16:51:36.0612 40324        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:51:36.0625 40324        sermouse - ok
16:51:36.0645 40324        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:51:36.0687 40324        SessionEnv - ok
16:51:36.0692 40324        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:51:36.0715 40324        sffdisk - ok
16:51:36.0717 40324        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:36.0742 40324        sffp_mmc - ok
16:51:36.0745 40324        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:51:36.0757 40324        sffp_sd - ok
16:51:36.0762 40324        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:36.0795 40324        sfloppy - ok
16:51:36.0812 40324        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:51:36.0847 40324        SharedAccess - ok
16:51:36.0872 40324        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:51:36.0910 40324        ShellHWDetection - ok
16:51:36.0912 40324        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:36.0925 40324        SiSRaid2 - ok
16:51:36.0930 40324        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:36.0940 40324        SiSRaid4 - ok
16:51:36.0952 40324        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:51:36.0962 40324        SkypeUpdate - ok
16:51:36.0970 40324        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:51:37.0010 40324        Smb - ok
16:51:37.0017 40324        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:51:37.0042 40324        SNMPTRAP - ok
16:51:37.0045 40324        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:51:37.0055 40324        spldr - ok
16:51:37.0077 40324        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:51:37.0132 40324        Spooler - ok
16:51:37.0262 40324        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:51:37.0357 40324        sppsvc - ok
16:51:37.0385 40324        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:51:37.0430 40324        sppuinotify - ok
16:51:37.0472 40324        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:51:37.0472 40324        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:51:37.0475 40324        sptd ( LockedFile.Multi.Generic ) - warning
16:51:37.0475 40324        sptd - detected LockedFile.Multi.Generic (1)
16:51:37.0497 40324        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:51:37.0515 40324        srv - ok
16:51:37.0535 40324        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:51:37.0570 40324        srv2 - ok
16:51:37.0610 40324        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:38.0000 40324        srvnet - ok
16:51:38.0010 40324        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:51:38.0060 40324        SSDPSRV - ok
16:51:38.0067 40324        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:51:38.0105 40324        SstpSvc - ok
16:51:38.0107 40324        ss_bus          (d21ff3592daee244ee8376830a672b52) C:\Windows\system32\DRIVERS\ss_bus.sys
16:51:38.0130 40324        ss_bus - ok
16:51:38.0135 40324        ss_mdfl        (451db3d10e6112e06b4506d4a7becec1) C:\Windows\system32\DRIVERS\ss_mdfl.sys
16:51:38.0140 40324        ss_mdfl - ok
16:51:38.0150 40324        ss_mdm          (ef40c8a268a5263a0ef48fed8e57cbed) C:\Windows\system32\DRIVERS\ss_mdm.sys
16:51:38.0160 40324        ss_mdm - ok
16:51:38.0165 40324        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
16:51:38.0177 40324        StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:51:38.0177 40324        StarOpen - detected UnsignedFile.Multi.Generic (1)
16:51:38.0182 40324        Steam Client Service - ok
16:51:38.0202 40324        Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:51:38.0225 40324        Stereo Service - ok
16:51:38.0230 40324        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:51:38.0240 40324        stexstor - ok
16:51:38.0262 40324        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:51:38.0295 40324        stisvc - ok
16:51:38.0300 40324        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:51:38.0310 40324        storflt - ok
16:51:38.0315 40324        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:51:38.0325 40324        storvsc - ok
16:51:38.0332 40324        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:51:38.0340 40324        swenum - ok
16:51:38.0360 40324        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:51:38.0405 40324        swprv - ok
16:51:38.0407 40324        Synth3dVsc - ok
16:51:38.0472 40324        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:51:38.0525 40324        SysMain - ok
16:51:38.0555 40324        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:51:38.0570 40324        TabletInputService - ok
16:51:38.0585 40324        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:51:38.0640 40324        TapiSrv - ok
16:51:38.0645 40324        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:51:38.0672 40324        TBS - ok
16:51:38.0752 40324        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:51:38.0802 40324        Tcpip - ok
16:51:38.0895 40324        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:38.0940 40324        TCPIP6 - ok
16:51:38.0980 40324        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:51:39.0012 40324        tcpipreg - ok
16:51:39.0015 40324        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:51:39.0035 40324        TDPIPE - ok
16:51:39.0040 40324        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:51:39.0065 40324        TDTCP - ok
16:51:39.0072 40324        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:51:39.0112 40324        tdx - ok
16:51:39.0117 40324        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:51:39.0127 40324        TermDD - ok
16:51:39.0155 40324        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:51:39.0200 40324        TermService - ok
16:51:39.0205 40324        TFsExDisk      (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
16:51:39.0215 40324        TFsExDisk - ok
16:51:39.0220 40324        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:51:39.0242 40324        Themes - ok
16:51:39.0247 40324        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:51:39.0287 40324        THREADORDER - ok
16:51:39.0295 40324        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:51:39.0337 40324        TrkWks - ok
16:51:39.0347 40324        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:51:39.0385 40324        TrustedInstaller - ok
16:51:39.0392 40324        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:39.0425 40324        tssecsrv - ok
16:51:39.0432 40324        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:51:39.0460 40324        TsUsbFlt - ok
16:51:39.0462 40324        tsusbhub - ok
16:51:39.0470 40324        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:39.0502 40324        tunnel - ok
16:51:39.0507 40324        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:51:39.0517 40324        uagp35 - ok
16:51:39.0535 40324        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:51:39.0580 40324        udfs - ok
16:51:39.0587 40324        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:51:39.0602 40324        UI0Detect - ok
16:51:39.0610 40324        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:51:39.0620 40324        uliagpkx - ok
16:51:39.0622 40324        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:51:39.0640 40324        umbus - ok
16:51:39.0645 40324        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:51:39.0670 40324        UmPass - ok
16:51:39.0682 40324        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:51:39.0702 40324        UmRdpService - ok
16:51:39.0720 40324        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:51:39.0767 40324        upnphost - ok
16:51:39.0775 40324        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:51:39.0790 40324        usbaudio - ok
16:51:39.0795 40324        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:39.0820 40324        usbccgp - ok
16:51:39.0825 40324        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:51:39.0845 40324        usbcir - ok
16:51:39.0850 40324        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:39.0875 40324        usbehci - ok
16:51:39.0890 40324        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:39.0907 40324        usbhub - ok
16:51:39.0912 40324        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:51:39.0930 40324        usbohci - ok
16:51:39.0932 40324        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:39.0950 40324        usbprint - ok
16:51:39.0957 40324        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:39.0970 40324        USBSTOR - ok
16:51:39.0975 40324        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:39.0985 40324        usbuhci - ok
16:51:39.0992 40324        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:51:40.0047 40324        UxSms - ok
16:51:40.0052 40324        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:40.0062 40324        VaultSvc - ok
16:51:40.0067 40324        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:51:40.0077 40324        vdrvroot - ok
16:51:40.0100 40324        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:51:40.0137 40324        vds - ok
16:51:40.0140 40324        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:40.0170 40324        vga - ok
16:51:40.0172 40324        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:51:40.0212 40324        VgaSave - ok
16:51:40.0217 40324        VGPU - ok
16:51:40.0227 40324        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:51:40.0240 40324        vhdmp - ok
16:51:40.0245 40324        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:51:40.0255 40324        viaide - ok
16:51:40.0257 40324        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:51:40.0267 40324        vmbus - ok
16:51:40.0280 40324        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:51:40.0297 40324        VMBusHID - ok
16:51:40.0302 40324        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:51:40.0312 40324        volmgr - ok
16:51:40.0327 40324        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:51:40.0350 40324        volmgrx - ok
16:51:40.0362 40324        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:51:40.0377 40324        volsnap - ok
16:51:40.0387 40324        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:40.0397 40324        vsmraid - ok
16:51:40.0457 40324        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:51:40.0520 40324        VSS - ok
16:51:40.0547 40324        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:51:40.0570 40324        vwifibus - ok
16:51:40.0587 40324        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:51:40.0627 40324        W32Time - ok
16:51:40.0635 40324        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:51:40.0657 40324        WacomPen - ok
16:51:40.0662 40324        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:40.0700 40324        WANARP - ok
16:51:40.0702 40324        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:40.0730 40324        Wanarpv6 - ok
16:51:40.0785 40324        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:51:40.0830 40324        wbengine - ok
16:51:40.0862 40324        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:51:40.0887 40324        WbioSrvc - ok
16:51:40.0902 40324        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:51:40.0925 40324        wcncsvc - ok
16:51:40.0930 40324        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:51:40.0965 40324        WcsPlugInService - ok
16:51:40.0970 40324        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:51:40.0980 40324        Wd - ok
16:51:41.0005 40324        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:51:41.0032 40324        Wdf01000 - ok
16:51:41.0042 40324        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:51:41.0080 40324        WdiServiceHost - ok
16:51:41.0082 40324        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:51:41.0105 40324        WdiSystemHost - ok
16:51:41.0117 40324        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:51:41.0135 40324        WebClient - ok
16:51:41.0147 40324        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:51:41.0197 40324        Wecsvc - ok
16:51:41.0205 40324        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:51:41.0252 40324        wercplsupport - ok
16:51:41.0260 40324        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:51:41.0302 40324        WerSvc - ok
16:51:41.0307 40324        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:41.0355 40324        WfpLwf - ok
16:51:41.0357 40324        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:51:41.0367 40324        WIMMount - ok
16:51:41.0370 40324        WinDefend - ok
16:51:41.0377 40324        WinHttpAutoProxySvc - ok
16:51:41.0392 40324        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:51:41.0435 40324        Winmgmt - ok
16:51:41.0510 40324        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:51:41.0587 40324        WinRM - ok
16:51:41.0632 40324        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:41.0645 40324        WinUsb - ok
16:51:41.0680 40324        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:51:41.0717 40324        Wlansvc - ok
16:51:41.0807 40324        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:41.0862 40324        wlidsvc - ok
16:51:41.0887 40324        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:51:41.0902 40324        WmiAcpi - ok
16:51:41.0917 40324        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:51:41.0932 40324        wmiApSrv - ok
16:51:41.0937 40324        WMPNetworkSvc - ok
16:51:41.0942 40324        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:51:41.0952 40324        WPCSvc - ok
16:51:41.0960 40324        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:51:41.0982 40324        WPDBusEnum - ok
16:51:41.0985 40324        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:51:42.0030 40324        ws2ifsl - ok
16:51:42.0037 40324        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:51:42.0057 40324        wscsvc - ok
16:51:42.0060 40324        WSearch - ok
16:51:42.0150 40324        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:51:42.0212 40324        wuauserv - ok
16:51:42.0250 40324        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:51:42.0282 40324        WudfPf - ok
16:51:42.0290 40324        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:42.0325 40324        WUDFRd - ok
16:51:42.0332 40324        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:51:42.0365 40324        wudfsvc - ok
16:51:42.0377 40324        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:51:42.0402 40324        WwanSvc - ok
16:51:42.0410 40324        xusb21          (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
16:51:42.0430 40324        xusb21 - ok
16:51:42.0457 40324        YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:51:42.0477 40324        YahooAUService - ok
16:51:42.0480 40324        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:51:42.0560 40324        \Device\Harddisk0\DR0 - ok
16:51:42.0562 40324        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
16:51:42.0630 40324        \Device\Harddisk1\DR1 - ok
16:51:42.0632 40324        Boot (0x1200)  (09d47519dd8d85d5d880d78edd072a18) \Device\Harddisk0\DR0\Partition0
16:51:42.0632 40324        \Device\Harddisk0\DR0\Partition0 - ok
16:51:42.0635 40324        Boot (0x1200)  (33aeb7fb96bac3b8e93e36e53699fc2a) \Device\Harddisk0\DR0\Partition1
16:51:42.0635 40324        \Device\Harddisk0\DR0\Partition1 - ok
16:51:42.0640 40324        Boot (0x1200)  (edf31b6d8b85f95e236a9e24d0dd56b3) \Device\Harddisk1\DR1\Partition0
16:51:42.0640 40324        \Device\Harddisk1\DR1\Partition0 - ok
16:51:42.0640 40324        ============================================================
16:51:42.0640 40324        Scan finished
16:51:42.0640 40324        ============================================================
16:51:42.0650 40316        Detected object count: 3
16:51:42.0650 40316        Actual detected object count: 3
16:52:54.0770 40316        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:54.0770 40316        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:54.0772 40316        sptd ( LockedFile.Multi.Generic ) - skipped by user
16:52:54.0772 40316        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:52:54.0772 40316        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:54.0772 40316        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 09.07.2012 18:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

SirInsanity 10.07.2012 13:37

Hello,

I ran ComboFix; after the restart performed by ComboFix I could not open any programs, then I did another restart, and now everything works again.


Code:

ComboFix 12-07-10.01 - xxxxx 10.07.2012  13:52:28.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4094.2642 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxxx\AppData\Roaming\AcroIEHelpe.txt
c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\xxxxx\AppData\Roaming\srvblck2.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-10 bis 2012-07-10  ))))))))))))))))))))))))))))))
.
.
2012-07-10 11:56 . 2012-07-10 11:56        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 14:56 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A87643D6-A76F-405F-890A-718E9D94ECA8}\mpengine.dll
2012-07-09 14:03 . 2012-07-09 14:03        --------        d-----w-        C:\_OTL
2012-07-08 19:20 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 09:57 . 2012-07-06 09:57        --------        d-----w-        c:\program files (x86)\ESET
2012-07-04 16:48 . 2012-02-11 20:15        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAEE68A9-C31D-4CA4-979B-C05EE15B2410}\gapaengine.dll
2012-07-02 23:33 . 2012-07-02 23:33        --------        d-----w-        c:\users\xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 23:33 . 2012-07-02 23:33        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 23:33 . 2012-07-02 23:33        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 23:33 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 19:45 . 2012-06-24 19:45        --------        d-----w-        c:\program files (x86)\Microsoft
2012-06-24 12:15 . 2012-06-24 12:15        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 12:15 . 2012-06-24 12:15        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 23:55 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 23:55 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 23:55 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 23:55 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 23:55 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 23:55 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 23:55 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 23:54 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 23:54 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-14 21:24 . 2012-06-26 01:20        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-06-14 21:24 . 2012-06-24 12:15        157608        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-14 21:24 . 2012-06-24 12:15        113120        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-14 10:57 . 2012-06-14 10:57        --------        d-----w-        c:\users\xxxxx\AppData\Local\Macromedia
2012-06-14 01:37 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-14 01:37 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-14 01:37 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-12 15:35 . 2012-06-12 15:58        --------        d-----w-        c:\program files (x86)\JDownloader
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 01:47 . 2012-04-02 22:57        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 01:47 . 2011-05-17 11:09        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Facebook Update"="c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-06 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-17 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-03-26 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-21 834544]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:47]
.
2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
- c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-06 20:04]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
- c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-06 20:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}]
2011-12-18 02:53        167416        ----a-w-        c:\users\xxxxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Subscribe with RSSRadio
TCP: Interfaces\{61117D82-11E3-4CF7-A9E5-C8D4BBC29531}: NameServer = 213.191.74.18 62.109.123.196
FF - ProfilePath - c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
AddRemove-vShare plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-10  14:02:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-10 12:02
.
Vor Suchlauf: 10 Verzeichnis(se), 43.627.917.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 43.499.745.280 Bytes frei
.
- - End Of File - - CD1083CA434473A2527B3B0DE3B34855


cosinus 10.07.2012 20:16

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

SirInsanity 11.07.2012 19:15

GMER logfile

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-11 20:13:15
Windows 6.1.7601 Service Pack 1
Running: 64jk4z6v.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x8B 0xA8 0xFB 0x7D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x13 0xD5 0xE8 0xF1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2E 0xEA 0xB6 0x0D ...
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x8B 0xA8 0xFB 0x7D ...
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x13 0xD5 0xE8 0xF1 ...
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2E 0xEA 0xB6 0x0D ...

---- EOF - GMER 1.0.15 ----

OSAM log

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:18:13 on 11.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job" - "Facebook Inc." - C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job" - "Facebook Inc." - C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"a9qksfce" (a9qksfce) - "Microsoft Corporation" - C:\Windows\system32\drivers\a9qksfce.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Gizmo Device Driver" (GizmoDrv) - "Arainia Solutions LLC" - C:\Windows\system32\drivers\GizmoDrv.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"TFsExDisk" (TFsExDisk) - "Teruten Inc" - C:\Windows\System32\Drivers\TFsExDisk.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update" - "Facebook Inc." - "C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
"Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ContentTransferWMDetector.exe" - "Sony Corporation" - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Gizmo Central" (Gizmo Central) - ? - C:\Program Files (x86)\Gizmo\gservice.exe  (File not found)
"Google Update Service (gupdate)" (gupdate) - ? - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswmbrlog

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 20:21:18
-----------------------------
20:21:18.703    OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:18.703    Number of processors: 2 586 0x170A
20:21:18.703    ComputerName: *****  UserName: xxxxx
20:21:19.873    Initialize success
20:22:21.217    AVAST engine defs: 12071101
20:22:28.003    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:22:28.003    Disk 0 Vendor: CORSAIR_CMFSSD-128GBG1D__Z VAM0501Q Size: 122104MB BusType: 3
20:22:28.018    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
20:22:28.018    Disk 1 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
20:22:28.018    Disk 0 MBR read successfully
20:22:28.018    Disk 0 MBR scan
20:22:28.018    Disk 0 Windows 7 default MBR code
20:22:28.018    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:22:28.018    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      122002 MB offset 206848
20:22:28.034    Disk 0 scanning C:\Windows\system32\drivers
20:22:37.238    Service scanning
20:22:47.877    Modules scanning
20:22:47.877    Disk 0 trace - called modules:
20:22:48.486    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043dd2c0]<<spvc.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:22:48.486    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046bf060]
20:22:48.486    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004571520]
20:22:48.501    5 ACPI.sys[fffff880011697a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004573060]
20:22:48.501    \Driver\atapi[0xfffffa800454ae70] -> IRP_MJ_CREATE -> 0xfffffa80043dd2c0
20:22:54.507    AVAST engine scan C:\Windows
20:22:55.147    AVAST engine scan C:\Windows\system32
20:24:08.685    AVAST engine scan C:\Windows\system32\drivers
20:24:12.071    AVAST engine scan C:\Users\xxxxx
20:25:31.194    AVAST engine scan C:\ProgramData
20:25:45.905    Scan finished successfully
20:26:00.553    Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\MBR.dat"
20:26:00.553    The log file has been saved successfully to "C:\Users\xxxxx\Desktop\aswMBR.txt"


cosinus 12.07.2012 10:00

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

SirInsanity 13.07.2012 14:07

SAS-Log

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2012 at 03:00 PM

Application Version : 5.5.1006

Core Rules Database Version : 8894
Trace Rules Database Version: 6706

Scan type      : Complete Scan
Total Scan Time : 00:55:32

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 523
Memory threats detected  : 0
Registry items scanned    : 72631
Registry threats detected : 0
File items scanned        : 161094
File threats detected    : 1917



Trojan.Agent/Gen-Frauder
        C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\SEQ2AVI.EXE

Everything else was cookies, which I couldn't have posted in full because there were too many characters. If I should post them anyway, let me know and I'll split them up.

MAM-Log

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: ****** [Administrator]

Schutz: Aktiviert

13.07.2012 15:09:05
mbam-log-2012-07-13 (15-09-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436875
Laufzeit: 15 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 13.07.2012 20:50

Looks OK, just one false positive and otherwise cookies.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you would need to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system OK again now, or are there any other findings or problems?

SirInsanity 17.07.2012 12:58

Hello Arne,

As far as I can tell, the system is running without problems again. I think I'll run complete scans again today; if any messages come up again, I'll post them.
Most of the programs I now have on the desktop I should probably delete again. What makes sense as protection and what doesn't make sense at all? Is there any protection against the GVU trojan and the like?
I'd be glad if you could help me a bit more with that, so that I don't have to post something here again in a month.
Regards

For example, I read something about the sandybox; is something like that useful?

cosinus 18.07.2012 11:28

Yes, Sandboxie is OK and can be useful.

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.


All times are GMT +1. The time is now 15:16.

Copyright ©2000-2025, Trojaner-Board

