It all started several days ago. All of a sudden I would get an enormous amount of pop-up ads - up to 20 per hour. Each ad was blocked by Avast which accompanied each blocking-action with the message "Malicious URL blocked." The URL's were said to originate from my computer.
I immediately scanned my system with Avast, Malwarebytes, Ad-Aware and Spybot - with no results. Eventually a couple of ads managed to slip through, but at first nothing happened.
Then, Avast alerted me to the Trojan Downloader "Karagany." Scans still didn't unearth anything.
Two days ago, Avast suddenly quarantined two files in the "AppData/Local/Temp folders": "~!#2B4.tmp" and "~!#9073.tmp"
The first is described as "Win32:Dropper-gen", the second one as "Win32:Karagany-FS"
Yesterday, Avast detected another threat in a file called "msivea.bat" and located in the "Local Settings/Temp" folder. This file was quarantined as well.
Today I was alerted to another problem which Avast couldn't classify as a threat but warned me of.
I submitted the file to Virus Total which brought up three results. The file is called "wuuc.exe" and is located in "AppData/Roaming/Ahuhaz." Microsoft describes it as "VirTool:Win32/Obfuscator.XT," Emsissoft as "VirTool.Win32.Obfuscator.AMN!A2," and NOD32 as "a variant of Win32/Injector.QWP." I scanned it with Avast, MBAM and Windows Defender but with no results. I have added the file to the "Virus Chest."
I am getting fewer pop-ups now, if any, maybe because it's "mission accomplished" for the Malware. Anyway, I would be incredibly grateful if you could save me, as I am in a state of panic. Restoring my computer to the original settings would cause a massive headache for me as the DVD drive no longer works properly.
Thank you SO MUCH for your help!
Marcus
Here is the OTL log (there is also another log called "Extras," but based on what I read you don't need it just now:)
OTL logfile created on: 03.05.2012 19:30:08 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\##\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 33,02% Memory free
4,23 Gb Paging File | 1,52 Gb Available in Paging File | 35,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 5,18 Gb Free Space | 9,27% Space Free | Partition Type: NTFS
Drive D: | 48,82 Gb Total Space | 23,84 Gb Free Space | 48,83% Space Free | Partition Type: NTFS
Computer Name: ##-PC | User Name: ## | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.03 19:02:25 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\##\Downloads\OTL.exe
PRC - [2012.04.26 11:09:37 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.31 18:50:46 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.08.11 17:27:42 | 015,490,560 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\nexdef.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.04 14:59:48 | 000,506,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.12.17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010.12.17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010.12.02 13:22:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010.06.26 20:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009.10.26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.07.19 20:38:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009.07.19 15:06:55 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 11:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 12:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 09:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.26 11:09:36 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.04.25 01:20:14 | 000,079,872 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko12.dll
MOD - [2012.04.18 07:22:45 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.12.11 17:53:40 | 000,015,760 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2011.08.11 17:27:44 | 000,159,744 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011.08.11 17:27:44 | 000,069,632 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011.08.11 17:27:42 | 015,490,560 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\nexdef.exe
MOD - [2011.08.11 17:27:40 | 000,126,976 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011.08.11 17:27:40 | 000,020,480 | ---- | M] () -- C:\Users\##\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.29 21:58:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.06.29 21:58:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.29 21:56:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.29 21:56:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.29 21:55:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.29 21:54:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.29 21:53:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.06.29 10:31:12 | 000,652,800 | ---- | M] () -- C:\PROGRA~1\IZArc\IZArcCM.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009.07.19 20:38:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2009.07.19 20:00:09 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:09 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.07.19 20:00:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.07.19 20:00:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:08 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.07.19 20:00:08 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2700.37095__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009.07.19 20:00:08 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.07.19 20:00:07 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.07.19 19:59:41 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:41 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.07.19 19:59:41 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:41 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:41 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:41 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.07.19 19:59:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:40 | 000,917,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2700.37089__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.07.19 19:59:40 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:39 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.07.19 19:59:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.07.19 19:59:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.07.19 19:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.07.19 19:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.07.19 19:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.07.19 19:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.07.19 19:59:37 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.07.19 19:59:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.07.19 19:59:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.07.19 19:59:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.07.19 19:59:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.07.19 19:59:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.07.19 19:59:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.07.19 19:59:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.07.19 19:59:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.07.19 19:59:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.07.19 19:59:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.07.19 19:59:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.07.19 19:59:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.07.19 19:59:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.07.19 19:59:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.07.19 19:59:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.07.19 19:59:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.07.19 19:59:27 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.07.19 19:59:26 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.07.19 19:59:26 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.07.19 19:59:26 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.07.19 19:59:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.07.19 19:59:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.07.19 19:59:26 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.07.19 19:59:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.07.19 19:59:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.07.19 19:59:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.07.19 19:59:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.07.19 19:59:26 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.07.19 19:59:25 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.07.19 19:59:25 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.07.19 19:59:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.07.19 19:59:25 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.07.19 19:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.07.19 19:59:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.07.19 19:59:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.07.19 19:59:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.07.19 19:59:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.07.19 14:19:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.19 14:15:29 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.07.28 00:26:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
MOD - [2007.06.15 20:16:34 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.03.10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2006.10.26 00:37:52 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\GERSTRING.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.04.26 11:09:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.18 07:22:46 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.19 17:12:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Users\MARCUS~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\MARCUS~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.31 18:51:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.28 00:36:38 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 12:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 10:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 03:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2E453EC3-4784-48EF-BC70-2E63AF1D4139}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1060933&q="
FF - prefs.js..network.proxy.http: "80.194.50.123"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\##\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\##\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\##\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\##\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.10 23:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.31 01:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 12:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 09:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.26 11:09:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.19 14:08:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.10 23:33:49 | 000,000,000 | ---D | M]
[2009.08.12 18:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\##\AppData\Roaming\mozilla\Extensions
[2009.08.12 18:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\##\AppData\Roaming\mozilla\Extensions\[email protected]
[2012.05.02 11:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\##\AppData\Roaming\mozilla\Firefox\Profiles\w7bg3tnv.default\extensions
[2012.04.26 07:18:48 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\##\AppData\Roaming\mozilla\Firefox\Profiles\w7bg3tnv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.12.19 21:20:52 | 000,000,933 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\11-suche.xml
[2010.10.20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\conduit.xml
[2011.12.19 21:20:52 | 000,002,419 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 21:20:52 | 000,010,525 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\gmx-suche.xml
[2011.12.19 21:20:52 | 000,002,457 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\lastminute.xml
[2011.12.19 21:20:51 | 000,005,508 | ---- | M] () -- C:\Users\##\AppData\Roaming\Mozilla\Firefox\Profiles\w7bg3tnv.default\searchplugins\webde-suche.xml
[2012.01.08 10:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.27 22:36:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.03.24 12:53:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\##\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W7BG3TNV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009.07.23 23:09:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.04.26 11:09:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.11 17:53:42 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.22 01:58:20 | 001,632,208 | ---- | M] (cedelia) -- C:\Program Files\mozilla firefox\plugins\NPStreamPlug.dll
[2012.03.05 09:14:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.05 09:14:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.05 09:14:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.05 09:14:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.05 09:14:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.05 09:14:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\##\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\##\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\##\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: StreamPlug Video Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\##\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\##\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\##\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\##\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\##\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\##\AppData\Local\Autobahn\nexdef.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D93D2B-10BA-4C09-B339-3BE90B2B2BBD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\##\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\##\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{469e48a2-e013-11de-a4fe-001d6050c6e7}\Shell - "" = AutoRun
O33 - MountPoints2\{469e48a2-e013-11de-a4fe-001d6050c6e7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6a9c32c2-7470-11de-a540-001d6050c6e7}\Shell - "" = AutoRun
O33 - MountPoints2\{6a9c32c2-7470-11de-a540-001d6050c6e7}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6a9c32c2-7470-11de-a540-001d6050c6e7}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6a9c32c2-7470-11de-a540-001d6050c6e7}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{a1338c7e-de5d-11de-aaad-001d6050c6e7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe uc.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.05.03 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\##\AppData\Roaming\Tyyv
[2012.05.03 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\##\AppData\Roaming\Qaas
[2012.05.03 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\##\AppData\Roaming\Ahuhaz
[2012.05.02 13:47:18 | 000,000,000 | ---D | C] -- C:\Users\##\AppData\Local\DDMSettings
[2012.05.01 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\##\Local Settings
[2012.04.26 11:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 11:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.19 14:05:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.17 16:26:33 | 000,000,000 | ---D | C] -- C:\Users\##\Desktop\Buch
[2012.04.17 08:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012.04.17 01:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.04.17 01:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.04.17 01:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2012.04.17 01:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.04.15 20:04:17 | 000,000,000 | ---D | C] -- C:\Users\##\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.04.12 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.04.12 20:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
========== Files - Modified Within 30 Days ==========
[2012.05.03 19:55:07 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2466470599-2715821156-1562772817-1000UA.job
[2012.05.03 19:55:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2466470599-2715821156-1562772817-1000Core.job
[2012.05.03 19:48:31 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 19:48:30 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 19:11:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 13:51:11 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.05.03 13:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 11:35:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.03 10:55:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.03 10:55:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.03 10:55:27 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.03 10:55:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 02:00:40 | 000,002,084 | ---- | M] () -- C:\Users\##\Desktop\Google Chrome.lnk
[2012.05.02 22:44:22 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.05.02 22:44:22 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.05.01 16:53:35 | 000,002,631 | ---- | M] () -- C:\Users\##\Desktop\Microsoft Office Word 2007.lnk
[2012.05.01 16:11:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.04.22 16:00:30 | 000,002,633 | ---- | M] () -- C:\Users\##\Desktop\Microsoft Office Excel 2007.lnk
[2012.04.19 14:08:01 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.18 18:42:04 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.17 16:51:07 | 000,123,904 | ---- | M] () -- C:\Users\##\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.15 20:35:27 | 000,000,879 | ---- | M] () -- C:\Users\##\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2012.04.15 20:12:17 | 000,023,570 | ---- | M] () -- C:\Users\##\Documents\cc_20120415_201202.reg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012.04.19 14:08:01 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.19 14:08:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.04.15 20:35:27 | 000,000,879 | ---- | C] () -- C:\Users\##\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2012.04.15 20:12:09 | 000,023,570 | ---- | C] () -- C:\Users\##\Documents\cc_20120415_201202.reg
[2012.04.15 20:04:53 | 000,002,084 | ---- | C] () -- C:\Users\##\Desktop\Google Chrome.lnk
[2012.04.04 09:04:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.30 23:57:24 | 000,000,256 | ---- | C] () -- C:\ProgramData\Z60z2AbbN00hdd
[2011.12.11 17:59:32 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.08.31 18:52:23 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.31 18:52:23 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.04 09:23:35 | 000,001,356 | ---- | C] () -- C:\Users\##\AppData\Local\d3d9caps.dat
[2010.10.27 22:38:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.14 19:24:51 | 000,000,000 | ---- | C] () -- C:\Users\##\AppData\Local\prvlcl.dat
[2010.09.05 12:26:56 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.09.05 12:26:56 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.09.05 12:26:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.09.05 12:26:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.08.30 09:28:51 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.07.10 23:20:18 | 000,183,070 | ---- | C] () -- C:\Windows\hpoins36.dat
========== LOP Check ==========
[2012.05.03 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Ahuhaz
[2010.01.25 00:20:35 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Any Video Converter
[2009.07.21 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Cedelia
[2009.07.19 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\DAEMON Tools Pro
[2012.03.31 01:46:09 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\FreeFLVConverter
[2012.03.31 01:46:09 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\FreeVideoConverter
[2011.10.07 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\MicroST
[2012.04.02 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Octoshape
[2009.07.19 12:21:25 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Opera
[2012.05.03 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Qaas
[2009.08.16 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\StreamTorrent
[2009.07.19 12:30:28 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\TuneUp Software
[2012.05.03 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Tyyv
[2010.11.15 14:39:38 | 000,000,000 | ---D | M] -- C:\Users\##\AppData\Roaming\Xilisoft
[2012.05.03 11:35:29 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >