Pests of all kinds and how to combat them: CPU usage permanently at 20-50% (Windows 7)
27.08.2012, 16:52 | #1 |
So, as it already says above, my CPU usage is permanently at 20-50% as soon as I just open the browser. I ran a scan with eScan and this is the result:

Datei C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll ist durch den Virus "Gen:Trojan.Heur.@x9@X6gmJYfi (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Datei C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll ist durch den Virus "Gen:Trojan.Heur.@x9@X6gmJYfi (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Datei C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll ist durch den Virus "Gen:Trojan.Heur.@x9@X6gmJYfi (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Datei C:\Users\Waldi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ist durch den Virus "Gen:Trojan.Heur.P.@J4@fyt8kHbi (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

Does anyone know what the best thing to do here is?
29.08.2012, 08:58 | #2 |
/// Helper team
Hello and a warm welcome!
Before we begin working together, [please read completely]:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware
Download Malwarebytes Anti-Malware → from here
2. System scan with OTL
Please download OTL by OldTimer and save it to your desktop
3. To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
Quote:
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards, kira
29.08.2012, 19:08 | #3 |
Here is the report from Malwarebytes to start with:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.08.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Waldi :: WALDI-PC [Administrator]
Schutz: Aktiviert
29.08.2012 18:45:57
mbam-log-2012-08-29 (18-45-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379324
Laufzeit: 51 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Waldi\AppData\Roaming\WinSec.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Code:
OTL Extras logfile created on: 29.08.2012 20:11:42 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Waldi\Downloads
MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 7a2626c9-dcb2-11e1-8bc5-00038a000015 Error - 04.08.2012 14:49:36 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: _isDB69.exe, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0x1144 Startzeit der fehlerhaften Anwendung: 0x01cd7271debf7f81 Pfad der fehlerhaften Anwendung: C:\Users\Waldi\AppData\Local\Temp\_isDB69.exe Pfad des fehlerhaften Moduls: C:\Users\Waldi\AppData\Local\Temp\{456BEB15-0241-454B-8688-9B90AB92BE8C}\ISSetup.dll Berichtskennung: 2302244a-de65-11e1-88eb-00038a000015 [ Media Center Events ] Error - 28.07.2012 10:57:56 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:57:56 - Fehler beim Herstellen der Internetverbindung. 16:57:56 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 10:58:26 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:58:25 - Fehler beim Herstellen der Internetverbindung. 16:58:25 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 11:58:57 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 17:58:57 - Fehler beim Herstellen der Internetverbindung. 17:58:57 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 11:59:27 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 17:59:27 - Fehler beim Herstellen der Internetverbindung. 17:59:27 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 12:59:58 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 18:59:58 - Fehler beim Herstellen der Internetverbindung. 18:59:58 - Serververbindung konnte nicht hergestellt werden.. 
Error - 28.07.2012 13:00:28 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0
Description = 19:00:28 - Fehler beim Herstellen der Internetverbindung. 19:00:28 - Serververbindung konnte nicht hergestellt werden..
Error - 29.07.2012 10:19:26 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0
Description = 16:19:26 - Fehler beim Herstellen der Internetverbindung. 16:19:26 - Serververbindung konnte nicht hergestellt werden..
Error - 29.07.2012 10:19:58 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0
Description = 16:19:55 - Fehler beim Herstellen der Internetverbindung. 16:19:55 - Serververbindung konnte nicht hergestellt werden..
Error - 31.07.2012 10:11:41 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0
Description = 16:11:41 - Fehler beim Herstellen der Internetverbindung. 16:11:41 - Serververbindung konnte nicht hergestellt werden..
Error - 31.07.2012 10:11:54 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0
Description = 16:11:46 - Fehler beim Herstellen der Internetverbindung. 16:11:46 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 02.08.2012 01:20:10 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error - 02.08.2012 01:20:10 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 19.08.2012 13:10:40 | Computer Name = Waldi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?08.?2012 um 05:22:59 unerwartet heruntergefahren.
Error - 22.08.2012 00:40:44 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error - 22.08.2012 00:40:44 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 22.08.2012 09:45:20 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error - 22.08.2012 09:45:20 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 24.08.2012 09:26:47 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.
Error - 24.08.2012 09:27:19 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error - 24.08.2012 09:27:19 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >

Code:
OTL logfile created on: 29.08.2012 20:11:42 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Waldi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 54,27% Memory free
11,98 Gb Paging File | 8,63 Gb Available in Paging File | 72,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,17 Gb Total Space | 848,06 Gb Free Space | 92,06% Space Free | Partition Type: NTFS
Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,68% Space Free | Partition Type: NTFS
Drive E: | 281,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: WALDI-PC | User Name: Waldi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Waldi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.196\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Common Files\AOL\1338486948\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files (x86)\Common Files\AOL\1338486948\ee\AOLDesktop.exe (AOL LLC)
PRC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe ()
MOD - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540
IE - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - No CLSID value found
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes,DefaultScope = {BAF60B34-BC2D-4D38-BF52-8D31949C6020}
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE485
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{7CC9E4CC-8D7D-4FC5-A0B8-3C2B3C11CD4B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_ptnrs=%5EABT&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Waldi\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Waldi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.23 20:26:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.28 15:02:53 | 000,000,000 | ---D | M]
[2012.05.23 20:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Waldi\AppData\Roaming\mozilla\Extensions
[2012.08.23 22:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions
[2012.07.14 17:08:02 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012.08.23 22:51:02 | 000,000,000 | ---D | M] (OnRPG Community Toolbar) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}
[2012.07.30 18:36:50 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\toolbar@ask.com
[2012.07.30 18:36:50 | 000,002,344 | ---- | M] () -- C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\2u0kr2g5.default\searchplugins\askcom.xml
[2012.07.28 15:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_ptnrs=%5EABT&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Waldi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: Avira Toolbar = C:\Users\Waldi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3:64bit: - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1338486948\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [Akamai NetSession Interface] "C:\Users\Waldi\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S8761.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files (x86)\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co.
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EDAC4DA-541E-46A4-9A80-1D4ED613F74C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EPSetup.exe -- [2010.01.18 07:03:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.29 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Malwarebytes [2012.08.29 18:43:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.27 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\BSP [2012.08.27 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Square Enix [2012.08.26 12:10:51 | 000,000,000 | ---D | C] -- C:\escan [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2012.08.26 11:58:10 | 000,000,000 | ---D | C] 
-- C:\Windows\RUNDL132.EXE [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2012.08.26 11:45:20 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2012.08.26 11:45:19 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2012.08.26 11:45:18 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2012.08.26 11:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2012.08.26 11:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2012.08.19 22:58:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.19 22:58:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.19 22:58:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.19 22:58:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.19 22:58:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.19 22:58:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.19 22:58:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.19 22:58:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.19 22:58:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.19 22:58:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.19 22:58:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.19 22:58:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.19 22:58:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.19 20:07:36 | 
000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Ubisoft [2012.08.19 19:54:51 | 000,000,000 | ---D | C] -- C:\Ubisoft [2012.08.19 19:54:42 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.08.19 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Apps [2012.08.19 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Deployment [2012.08.19 19:22:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.19 19:22:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.19 19:22:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.19 19:22:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.19 19:21:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.19 19:21:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.19 19:21:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.19 19:21:40 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.04 20:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2012.08.04 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software [2012.08.04 20:48:50 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Epson [2012.08.04 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012.08.04 20:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012.08.04 20:48:15 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\InstallShield [2012.08.04 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet [2012.08.04 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON [2012.08.04 
20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet [2012.08.04 20:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON [2012.08.04 20:45:34 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL [2012.08.04 20:45:24 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGJE.DLL [2012.08.04 20:45:21 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGJE.DLL [2012.08.04 20:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.08.04 20:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.08.04 20:45:02 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll [2012.08.04 20:45:02 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe [2012.08.04 20:45:02 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll [2012.08.04 20:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.08.02 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\LolClient [2012.07.31 07:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.07.31 07:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.07.31 07:46:08 | 000,000,000 | ---D | C] -- C:\Users\Waldi\Documents\Guild Wars 2 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.29 20:00:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.29 19:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.29 18:43:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 17:00:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.29 15:35:38 | 000,015,568 | 
-H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 15:35:38 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 15:27:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 15:27:33 | 529,854,463 | -HS- | M] () -- C:\hiberfil.sys [2012.08.27 22:11:06 | 000,044,568 | ---- | M] () -- C:\Users\Waldi\Documents\pinfect.zip [2012.08.27 12:23:13 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx [2012.08.26 11:45:19 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2012.08.26 11:45:18 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2012.08.26 11:45:17 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2012.08.22 07:01:05 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.08.20 11:23:14 | 000,328,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.19 20:26:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.19 20:26:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.19 19:54:42 | 000,000,346 | ---- | M] () -- C:\Users\Waldi\Desktop\MMDoC-PDCLive Launcher.appref-ms [2012.08.04 23:18:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.04 23:18:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.04 23:18:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.04 23:18:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.04 23:18:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 20:51:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.08.04 20:49:55 
| 000,000,306 | ---- | M] () -- C:\Windows\setup.iss [2012.08.04 20:46:11 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\EPSON BX305 Series Netzwerk-Handbuch.lnk [2012.08.04 20:46:01 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk [2012.08.04 20:45:03 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.07.31 12:08:26 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2012.07.31 07:46:52 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.29 18:43:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.27 22:11:06 | 000,044,568 | ---- | C] () -- C:\Users\Waldi\Documents\pinfect.zip [2012.08.26 11:45:28 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx [2012.08.19 19:54:42 | 000,000,346 | ---- | C] () -- C:\Users\Waldi\Desktop\MMDoC-PDCLive Launcher.appref-ms [2012.08.04 20:51:07 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.08.04 20:49:48 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss [2012.08.04 20:46:11 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\EPSON BX305 Series Netzwerk-Handbuch.lnk [2012.08.04 20:46:01 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk [2012.08.04 20:45:03 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.07.31 07:46:52 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.07.28 16:01:29 | 000,007,605 | ---- | C] () -- C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg [2012.07.21 14:34:04 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\comcnt.sys [2012.07.15 12:48:09 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.14 15:31:28 | 000,113,452 | ---- | C] () -- 
C:\Users\Waldi\AppData\Roaming\win [2012.05.31 19:03:19 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini [2012.05.31 16:38:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2012.06.01 09:30:08 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\acccore [2012.08.04 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Epson [2012.08.02 20:14:36 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\LolClient [2012.05.29 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\LolClient2 [2012.05.24 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\SGTY [2012.07.28 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Splitscreen Studios [2012.07.30 15:59:43 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Unity [2012.07.31 12:08:26 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.07.19 18:25:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
29.08.2012, 19:29 | #4 |
| CPU usage permanently at 20-50%
Code:
ATTFilter OTL Extras logfile created on: 29.08.2012 20:11:42 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Waldi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 54,27% Memory free 11,98 Gb Paging File | 8,63 Gb Available in Paging File | 72,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,17 Gb Total Space | 848,06 Gb Free Space | 92,06% Space Free | Partition Type: NTFS Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,68% Space Free | Partition Type: NTFS Drive E: | 281,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WALDI-PC | User Name: Waldi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C7899F0-C1F3-4F35-89D4-C4EA8784DA19}" = rport=2177 | protocol=17 | dir=out | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FD92A6C-7F84-484B-B33A-0146D1B3EC8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{20918FF3-E241-4039-8F1A-443A785637FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{23079347-62D8-419E-860D-BC1259CE1371}" = lport=137 | protocol=17 | dir=in | app=system | "{29EE33D1-9845-406D-9325-0D085257BBA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{54100E21-7C40-4490-A751-EB28BE2314B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{57867DDF-9C4A-440B-8E7B-061A597F6B0A}" = lport=139 | protocol=6 | dir=in | app=system | "{5872B1C2-6A85-48A4-8A2F-BE976CF476D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{619C0959-B615-4FEF-98AF-91251FA4BBF2}" = lport=445 | protocol=6 | dir=in | app=system | "{8186AB24-5B0E-4A56-A2A7-35E08D4627F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8900B1BE-9FCB-45B2-BB10-2854F510DF74}" = rport=137 | protocol=17 | dir=out | app=system | "{96FAFA81-FE02-4A95-B707-7C87CC0878A6}" = rport=10243 | protocol=6 | dir=out | app=system | "{9913FF2F-4699-48E7-8F33-9C49A04E2B17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A9C940A2-A266-497B-8E28-E6735DDC54DE}" = lport=138 | protocol=17 | dir=in | app=system | "{AB6EB448-2C5E-4AD3-A58B-2880C3DFF9AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE6A72BD-6633-4616-B5CE-19B8D3E80971}" = lport=2869 | protocol=6 | dir=in | app=system | "{DAA5F8CB-E8FF-481A-B9A9-5FD425A2B471}" = rport=445 | protocol=6 | dir=out | app=system | "{E2A70828-9EC5-4ABF-BE88-41FE36A418BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E31AFB55-8EF5-4DE8-9829-A778598DC90D}" = lport=10243 | protocol=6 | dir=in | app=system | "{EA4EB0F3-2A6D-46AA-A90A-2A3F29B7ECE9}" = rport=139 | protocol=6 | dir=out | app=system | "{EACDEF34-0ED9-4394-8222-E244D78CE519}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE1FC19B-7268-4F2B-8394-C7DD9DD52BE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FAD16C6B-1FE0-42A2-BC8F-7B8374BF3CEA}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0453E9F5-E577-4D24-99E9-EE0E023C5DCC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{118AA3C8-29EB-4F64-B600-9EBD839C49D9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{12725068-BBCA-4E80-A4E6-7BEC685B589D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{12FE4E93-E8DC-46EF-A244-B4296B842C06}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{1DCB5CE3-E439-4A99-8349-30D72E7529FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{1E4A08AB-62C8-4C20-BACB-B53B9561F258}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{230E2914-EA6A-448F-9ECB-2A2311C4CA5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{23B83A72-5DC7-4A45-A5C1-E785501991FD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2618DF3F-950C-4ADA-ABA1-1E4006F51FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338477011\ee\aoldesktop.exe | "{26FBAAC4-5243-409C-A0B4-98E0129FE1C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28207723-8FA8-46BD-A3E8-49C6AA6F460D}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | "{2C93096D-EB12-41F7-99C7-788510DDCA16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2DA52A33-9ABF-4702-8E7D-51914E832570}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3499169B-187B-4720-858B-1628E9A14F4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B040557-B785-4FB7-8C7E-AB6BA9CF2693}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338486948\ee\aolsoftware.exe | "{3EECCD2B-D29E-4610-93D4-D28794538073}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{425139EF-5DC2-47B7-922A-24A46C438803}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{4362E64A-4EE4-42D8-BAB6-0AB08D376ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{46D5019E-9819-4A7B-94B8-33EA99889D35}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4FA0306E-7608-450F-BD70-D0A915ABF43F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{5446856F-942D-48F8-88AF-9C198D90EF78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{54668BC8-7BAB-4D42-B749-441E2DF98E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{57199F80-F776-4B8E-A39D-EBE2D23F6A69}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{59143944-7E9F-4BCD-B864-1FD58E23F41F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5A90A6A2-C7B9-4F84-A18E-2E37FB6DEE7B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{620EEC2E-9C7E-4C9E-98BD-57B26714D97C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | 
"{650407DC-B7EC-45F3-A56F-5F758B8971DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338486948\ee\aoldesktop.exe | "{695ED9FF-A7A9-4ADA-B28A-8BC0F92F2F45}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338477011\ee\aolsoftware.exe | "{6D63D0FB-E6B9-41E7-B047-0F9027AD20FB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338477011\ee\aolsoftware.exe | "{73458370-C6A9-4BCF-B4ED-A5840166669C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{759E7FDE-A5A9-4428-B513-E8E849B9BD24}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338483391\ee\aolsoftware.exe | "{769F183C-4BB2-49D6-AA2D-9476ADAB6765}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{77640942-6A2D-4227-AB05-A813DEDB5054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7C274235-E4C6-4688-B04A-2C510D10EDEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{85535C40-BF2C-4009-81A4-C128903BF8F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{85C00B46-3EB7-452A-8225-9EED631F6FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{89626932-2FA4-40A8-BFB2-1C764A6846FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{8CA5EBA9-9EE7-47EB-9D09-C0A13E88E743}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{8D6E9782-5346-4A8C-8DA5-21D0663E1A58}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9FA4755D-EB3D-4357-8155-6233C753318C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A352796A-E9BA-43F8-9377-E2F13A5728A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B04D4801-B2E5-4ABF-83CA-B3A5BB947CF2}" = dir=in | 
app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{B06CDF73-A5CC-4D0D-9DF9-50C847C8BE5E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{B26DD4E2-F894-4631-9561-9B79B6A0D1F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B3D32799-05F4-4B50-81C2-7AEAF7133911}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338486948\ee\aolsoftware.exe | "{B481B72F-421A-482D-BBF1-8F790C75581A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{B8F2851B-3503-44DA-B11A-D4F92C480938}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{BA5C0A2E-EF59-4840-8EE6-0111ABA789A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BEF2DDA0-BB5B-4F91-9D2D-95015BE38652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C0403341-6AAC-459A-88E0-4077F1F91142}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C47BB0BF-58A4-4D84-A41C-05430961663C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C4D9203D-0440-42E9-B0C6-A22596AED0B9}" = protocol=6 | dir=out | app=system | "{C72603AC-67AF-46D3-AE79-DE9DE58225FB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338477011\ee\aoldesktop.exe | "{C88012E4-6485-4E36-949F-8A874D34C77E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{D0CF9A89-7BB6-46E8-8163-E4C0C5E2F517}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1338484788\ee\aolsoftware.exe | "{DEB16B2F-7FF1-47F4-912E-E0DDD53E20A8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338486948\ee\aoldesktop.exe | "{E596C4DB-2E3F-40FF-825D-0E8DB1902546}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{E60A1E9C-4AC1-41A2-8872-A131EC119346}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E6119886-7CF4-4842-8BAD-B52F67DA4718}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F04C6DE0-49C2-4AD0-9C03-04DEAEDADAD0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{F5D55F43-4F2A-4509-8EDA-8A119317F4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{F648E09D-E250-47F6-9786-745625777ACE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F66CBDEF-7E8A-4E1D-8778-78E352E4309D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338484788\ee\aolsoftware.exe | "{F6D9F956-B75F-424B-BAA2-28B559EAC131}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1338483391\ee\aolsoftware.exe | "{FE9DB386-5EF9-4E6B-98EA-6331D9D905B4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "TCP Query User{3480AC10-97A8-43D6-AF00-77CCD65F67EA}C:\users\waldi\appdata\local\apps\2.0\rn08z2q9.ca8\hpe4xc9k.02w\laun...app_0000000000000000_0001.0000_44933472db191453\launcher.exe" = protocol=6 | dir=in | app=c:\users\waldi\appdata\local\apps\2.0\rn08z2q9.ca8\hpe4xc9k.02w\laun...app_0000000000000000_0001.0000_44933472db191453\launcher.exe | "TCP Query User{53E36F72-5139-4A8C-852E-51DA821A4E72}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{63FCAB22-8CAB-4D73-9C29-22BCFF7CD6A9}C:\users\waldi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\waldi\appdata\local\akamai\netsession_win.exe | "TCP Query User{6B7AA180-B2C9-470D-9795-F8B614ED7555}C:\users\waldi\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\waldi\appdata\local\temp\gw2.exe | "TCP Query User{73983224-67A9-4FE2-8D5E-91B7B73218BB}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe 
| "TCP Query User{7FACE469-EA59-43C7-B912-3E1BA4CCD0D0}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{93EE557F-2906-44D7-B6C4-57A511219500}C:\users\waldi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\waldi\appdata\local\akamai\netsession_win.exe | "TCP Query User{9D0A4A4C-7FD6-4B86-BC68-C23228A829D4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{B71E0DE8-B1AF-487B-8EF6-8559A10FF973}C:\ubisoft\might & magic - duel of champions\mmdoc-pdclive\game.exe" = protocol=6 | dir=in | app=c:\ubisoft\might & magic - duel of champions\mmdoc-pdclive\game.exe | "TCP Query User{B90313E8-F2AE-4216-ADAB-122FCDEAEDBE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{2614610D-6A9A-4116-A953-7CE2444641C6}C:\users\waldi\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\waldi\appdata\local\temp\gw2.exe | "UDP Query User{26284702-B211-41D0-8286-1335A6299161}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{33290F62-72A8-410F-A130-730CE8E85F52}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "UDP Query User{4C28C700-3095-420F-8D2E-06D7DDD6EF1E}C:\users\waldi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\waldi\appdata\local\akamai\netsession_win.exe | "UDP Query User{7214BF8C-F99F-4884-A3BB-C1961EDC39A7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query 
User{79F0AB58-CB16-4E6A-97D1-3E83EE7D07B4}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{8908274A-E403-4CDC-93EA-4B4710EBB41B}C:\users\waldi\appdata\local\apps\2.0\rn08z2q9.ca8\hpe4xc9k.02w\laun...app_0000000000000000_0001.0000_44933472db191453\launcher.exe" = protocol=17 | dir=in | app=c:\users\waldi\appdata\local\apps\2.0\rn08z2q9.ca8\hpe4xc9k.02w\laun...app_0000000000000000_0001.0000_44933472db191453\launcher.exe | "UDP Query User{8BFEBEA6-E4E0-4500-8975-F2CA26B897F3}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "UDP Query User{C0454D1A-14B8-48C8-BA3A-F79E6B16B2BE}C:\users\waldi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\waldi\appdata\local\akamai\netsession_win.exe | "UDP Query User{DC43CE50-2E81-4C49-9975-29A8C84718BD}C:\ubisoft\might & magic - duel of champions\mmdoc-pdclive\game.exe" = protocol=17 | dir=in | app=c:\ubisoft\might & magic - duel of champions\mmdoc-pdclive\game.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET 
Framework 4 Extended "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor for Windows" = Hardwarediagnosetools "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup 
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0 "AOL Regclient" = AOL Registration "AOL Toolbar" = AOL Toolbar for Internet Explorer "AOL Toolbar for Firefox" = AOL Toolbar for Firefox "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "Avira AntiVir Desktop" = Avira Free Antivirus "EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch "EPSON BX305 Series Network Guide" = EPSON BX305 Series Netzwerk-Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "Europe MapleStory_is1" = Europe MapleStory "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 "HP Remote Solution" = HP Remote Solution "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ViewpointMediaPlayer" = Viewpoint Media Player ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "3114a86aa00b92d7" = MMDoC-PDCLive Launcher "Square Enix Secure Launcher" = Square Enix Secure Launcher "UnityWebPlayer" = Unity Web Player 
========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.07.2012 16:27:32 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x1b0c Startzeit der fehlerhaften Anwendung: 0x01cd6f5a8dc624eb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 279d3caf-db4e-11e1-82ca-00038a000015 Error - 01.08.2012 01:09:48 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0xb28 Startzeit der fehlerhaften Anwendung: 0x01cd6fa1d8c11f33 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 1d4024d3-db97-11e1-8f4d-00038a000015 Error - 01.08.2012 05:51:46 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x6a0 Startzeit der fehlerhaften Anwendung: 0x01cd6fcb0e3914fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files 
(x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 813f1540-dbbe-11e1-8f4d-00038a000015 Error - 01.08.2012 06:03:02 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0x01cd6fcc71ee32d7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 1427de39-dbc0-11e1-8f4d-00038a000015 Error - 01.08.2012 12:56:38 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x1bc Startzeit der fehlerhaften Anwendung: 0x01cd6fcceccd65bb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: dbbb7421-dbf9-11e1-8f4d-00038a000015 Error - 01.08.2012 13:51:28 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x284 Startzeit der fehlerhaften Anwendung: 0x01cd700a0dc00632 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des 
fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 84b1dbc1-dc01-11e1-8f4d-00038a000015 Error - 01.08.2012 14:18:32 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x17c8 Startzeit der fehlerhaften Anwendung: 0x01cd700e47b050c9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 4c9fc1eb-dc05-11e1-8f4d-00038a000015 Error - 02.08.2012 02:56:09 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cd7074d736c204 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 23285980-dc6f-11e1-8bc5-00038a000015 Error - 02.08.2012 10:58:11 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Name des fehlerhaften Moduls: MapleStory.exe, Version: 1.0.0.17, Zeitstempel: 0x4ff10992 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006d3d2b ID des fehlerhaften Prozesses: 0xb5c Startzeit der fehlerhaften Anwendung: 0x01cd707d35b1bb7c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEXON\Europe 
MapleStory\MapleStory.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NEXON\Europe MapleStory\MapleStory.exe Berichtskennung: 7a2626c9-dcb2-11e1-8bc5-00038a000015 Error - 04.08.2012 14:49:36 | Computer Name = Waldi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: _isDB69.exe, Version: 12.0.0.58855, Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften Prozesses: 0x1144 Startzeit der fehlerhaften Anwendung: 0x01cd7271debf7f81 Pfad der fehlerhaften Anwendung: C:\Users\Waldi\AppData\Local\Temp\_isDB69.exe Pfad des fehlerhaften Moduls: C:\Users\Waldi\AppData\Local\Temp\{456BEB15-0241-454B-8688-9B90AB92BE8C}\ISSetup.dll Berichtskennung: 2302244a-de65-11e1-88eb-00038a000015 [ Media Center Events ] Error - 28.07.2012 10:57:56 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:57:56 - Fehler beim Herstellen der Internetverbindung. 16:57:56 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 10:58:26 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:58:25 - Fehler beim Herstellen der Internetverbindung. 16:58:25 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 11:58:57 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 17:58:57 - Fehler beim Herstellen der Internetverbindung. 17:58:57 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 11:59:27 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 17:59:27 - Fehler beim Herstellen der Internetverbindung. 17:59:27 - Serververbindung konnte nicht hergestellt werden.. Error - 28.07.2012 12:59:58 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 18:59:58 - Fehler beim Herstellen der Internetverbindung. 18:59:58 - Serververbindung konnte nicht hergestellt werden.. 
Error - 28.07.2012 13:00:28 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 19:00:28 - Fehler beim Herstellen der Internetverbindung. 19:00:28 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:19:26 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:19:26 - Fehler beim Herstellen der Internetverbindung. 16:19:26 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:19:58 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:19:55 - Fehler beim Herstellen der Internetverbindung. 16:19:55 - Serververbindung konnte nicht hergestellt werden.. Error - 31.07.2012 10:11:41 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:11:41 - Fehler beim Herstellen der Internetverbindung. 16:11:41 - Serververbindung konnte nicht hergestellt werden.. Error - 31.07.2012 10:11:54 | Computer Name = Waldi-PC | Source = MCUpdate | ID = 0 Description = 16:11:46 - Fehler beim Herstellen der Internetverbindung. 16:11:46 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 02.08.2012 01:20:10 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 02.08.2012 01:20:10 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.08.2012 13:10:40 | Computer Name = Waldi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?05.?08.?2012 um 05:22:59 unerwartet heruntergefahren. Error - 22.08.2012 00:40:44 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 22.08.2012 00:40:44 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.08.2012 09:45:20 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 22.08.2012 09:45:20 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 24.08.2012 09:26:47 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht. Error - 24.08.2012 09:27:19 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 24.08.2012 09:27:19 | Computer Name = Waldi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
OTL logfile created on: 29.08.2012 20:11:42 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Waldi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 54,27% Memory free 11,98 Gb Paging File | 8,63 Gb Available in Paging File | 72,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,17 Gb Total Space | 848,06 Gb Free Space | 92,06% Space Free | Partition Type: NTFS Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,68% Space Free | Partition Type: NTFS Drive E: | 281,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WALDI-PC | User Name: Waldi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Waldi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe () PRC - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe () PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.196\deploy\LolClient.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Common Files\AOL\1338486948\ee\aolsoftware.exe (AOL LLC) PRC - C:\Program Files (x86)\Common Files\AOL\1338486948\ee\AOLDesktop.exe (AOL LLC) PRC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe () MOD - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () ========== Win32 
Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys 
(Malwarebytes Corporation) DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC) IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6} IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = 
hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540 IE - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - No CLSID value found IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC) IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes,DefaultScope = 
{BAF60B34-BC2D-4D38-BF52-8D31949C6020} IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE485 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{7CC9E4CC-8D7D-4FC5-A0B8-3C2B3C11CD4B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - 
prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_ptnrs=%5EABT&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Waldi\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Waldi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.23 20:26:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.28 15:02:53 | 000,000,000 | ---D | M] [2012.05.23 20:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Waldi\AppData\Roaming\mozilla\Extensions [2012.08.23 22:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions [2012.07.14 17:08:02 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2012.08.23 22:51:02 | 000,000,000 | ---D | M] (OnRPG Community Toolbar) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} [2012.07.30 18:36:50 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Waldi\AppData\Roaming\mozilla\Firefox\Profiles\2u0kr2g5.default\extensions\toolbar@ask.com [2012.07.30 18:36:50 | 000,002,344 | ---- | M] () -- C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\2u0kr2g5.default\searchplugins\askcom.xml [2012.07.28 15:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- 
C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://google.de/ CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_ptnrs=%5EABT&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: hxxp://google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Waldi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: Avira Toolbar = C:\Users\Waldi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC) O3:64bit: - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1338486948\ee\aolsoftware.exe (AOL LLC) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [Akamai NetSession Interface] "C:\Users\Waldi\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S8761.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-3062770422-598456700-373322868-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files (x86)\Common Files\AOL\Launch\aollaunch.exe (AOL LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EDAC4DA-541E-46A4-9A80-1D4ED613F74C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EPSetup.exe -- [2010.01.18 07:03:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.29 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Malwarebytes [2012.08.29 18:43:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.29 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.27 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\BSP [2012.08.27 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Square Enix [2012.08.26 12:10:51 | 000,000,000 | ---D | C] -- C:\escan [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2012.08.26 11:58:10 | 000,000,000 | ---D | C] 
-- C:\Windows\RUNDL132.EXE [2012.08.26 11:58:10 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2012.08.26 11:45:20 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2012.08.26 11:45:19 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2012.08.26 11:45:18 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2012.08.26 11:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2012.08.26 11:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2012.08.19 22:58:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.19 22:58:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.19 22:58:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.19 22:58:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.19 22:58:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.19 22:58:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.19 22:58:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.19 22:58:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.19 22:58:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.19 22:58:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.19 22:58:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.19 22:58:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.19 22:58:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.19 20:07:36 | 
000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Ubisoft [2012.08.19 19:54:51 | 000,000,000 | ---D | C] -- C:\Ubisoft [2012.08.19 19:54:42 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.08.19 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Apps [2012.08.19 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Local\Deployment [2012.08.19 19:22:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.19 19:22:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.19 19:22:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.19 19:22:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.19 19:21:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.19 19:21:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.19 19:21:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.19 19:21:40 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.04 20:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2012.08.04 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software [2012.08.04 20:48:50 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\Epson [2012.08.04 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012.08.04 20:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012.08.04 20:48:15 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\InstallShield [2012.08.04 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet [2012.08.04 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON [2012.08.04 
20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet [2012.08.04 20:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON [2012.08.04 20:45:34 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL [2012.08.04 20:45:24 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGJE.DLL [2012.08.04 20:45:21 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGJE.DLL [2012.08.04 20:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.08.04 20:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.08.04 20:45:02 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll [2012.08.04 20:45:02 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe [2012.08.04 20:45:02 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll [2012.08.04 20:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.08.02 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Waldi\AppData\Roaming\LolClient [2012.07.31 07:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.07.31 07:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.07.31 07:46:08 | 000,000,000 | ---D | C] -- C:\Users\Waldi\Documents\Guild Wars 2 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.29 20:00:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.29 19:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.29 18:43:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 17:00:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.29 15:35:38 | 000,015,568 | 
-H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 15:35:38 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 15:27:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 15:27:33 | 529,854,463 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 22:11:06 | 000,044,568 | ---- | M] () -- C:\Users\Waldi\Documents\pinfect.zip
[2012.08.27 12:23:13 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2012.08.26 11:45:19 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2012.08.26 11:45:18 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2012.08.26 11:45:17 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2012.08.22 07:01:05 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.20 11:23:14 | 000,328,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.19 20:26:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.19 20:26:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.19 19:54:42 | 000,000,346 | ---- | M] () -- C:\Users\Waldi\Desktop\MMDoC-PDCLive Launcher.appref-ms
[2012.08.04 23:18:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 23:18:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 23:18:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 23:18:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 23:18:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 20:51:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.08.04 20:49:55 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.08.04 20:46:11 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\EPSON BX305 Series Netzwerk-Handbuch.lnk
[2012.08.04 20:46:01 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk
[2012.08.04 20:45:03 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.31 12:08:26 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012.07.31 07:46:52 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.08.29 18:43:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 22:11:06 | 000,044,568 | ---- | C] () -- C:\Users\Waldi\Documents\pinfect.zip
[2012.08.26 11:45:28 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2012.08.19 19:54:42 | 000,000,346 | ---- | C] () -- C:\Users\Waldi\Desktop\MMDoC-PDCLive Launcher.appref-ms
[2012.08.04 20:51:07 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.08.04 20:49:48 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2012.08.04 20:46:11 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\EPSON BX305 Series Netzwerk-Handbuch.lnk
[2012.08.04 20:46:01 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk
[2012.08.04 20:45:03 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.07.31 07:46:52 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.07.28 16:01:29 | 000,007,605 | ---- | C] () -- C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
[2012.07.21 14:34:04 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\comcnt.sys
[2012.07.15 12:48:09 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.14 15:31:28 | 000,113,452 | ---- | C] () -- C:\Users\Waldi\AppData\Roaming\win
[2012.05.31 19:03:19 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2012.05.31 16:38:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========
[2012.06.01 09:30:08 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\acccore
[2012.08.04 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Epson
[2012.08.02 20:14:36 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\LolClient
[2012.05.29 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\LolClient2
[2012.05.24 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\SGTY
[2012.07.28 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Splitscreen Studios
[2012.07.30 15:59:43 | 000,000,000 | ---D | M] -- C:\Users\Waldi\AppData\Roaming\Unity
[2012.07.31 12:08:26 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.07.19 18:25:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 19.08.2012 6,00MB 11.3.300.271
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 19.08.2012 6,00MB 11.3.300.271
AOL Mail and AIM Gadget AOL LLC 31.05.2012 567KB 1.0.0
AOL Registration 31.05.2012
AOL Toolbar for Firefox AOL LLC 31.05.2012 5.13.6.2
AOL Toolbar for Internet Explorer AOL LLC 31.05.2012 5.13.4.1
AOL Uninstaller (Choose which Products to Remove) AOL LLC 31.05.2012
Apple Application Support Apple Inc. 29.06.2012 61,0MB 2.1.9
Apple Mobile Device Support Apple Inc. 29.06.2012 24,9MB 5.2.0.6
Apple Software Update Apple Inc. 29.06.2012 2,38MB 2.1.3.127
Avira Free Antivirus Avira 30.07.2012 111MB 12.0.0.1167
Avira SearchFree Toolbar plus Web Protection Ask.com 30.07.2012 4,67MB 1.15.4.0
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 30.07.2012 1.3.0.23930
Bonjour Apple Inc. 29.06.2012 2,00MB 3.0.0.10
CCleaner Piriform 22.08.2012 3.22
Compatibility Pack für 2007 Office System Microsoft Corporation 23.05.2012 55,1MB 12.0.4518.1014
CyberLink DVD Suite Deluxe CyberLink Corp. 22.09.2009 16,4MB 6.0.3101
Druckerdeinstallation für EPSON BX305 Series SEIKO EPSON Corporation 04.08.2012
EPSON BX305 Series Handbuch 04.08.2012
EPSON BX305 Series Netzwerk-Handbuch 04.08.2012
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 04.08.2012 2.2.0.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION 04.08.2012 1.00.0000
Epson FAX Utility SEIKO EPSON CORPORATION 04.08.2012 1.10.00
Epson PC-FAX Driver 04.08.2012
EPSON Scan Seiko Epson Corporation 04.08.2012
EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 04.08.2012 3.3a
Europe MapleStory Nexon 15.07.2012
Google Chrome Google Inc. 28.05.2012 21.0.1180.83
Google Toolbar for Internet Explorer Google Inc. 21.08.2012 7.4.3203.136
Guild Wars 2 NCsoft Corporation, Ltd. 31.07.2012
Hardwarediagnosetools PC-Doctor, Inc. 24.05.2012 6.0.5205.31
Hi-Rez Studios Authenticate and Update Service Hi-Rez Studios 16.06.2012 3.0.0.0
HP Customer Experience Enhancements Hewlett-Packard 22.09.2009 5.7.0.3036
HP MediaSmart DVD Hewlett-Packard 22.09.2009 101MB 3.0.3123
HP MediaSmart Movie Themes Hewlett-Packard 22.09.2009 399MB 3.0.3102
HP MediaSmart Music/Photo/Video Hewlett-Packard 22.09.2009 401MB 3.0.3205
HP MediaSmart SmartMenu Hewlett-Packard 22.09.2009 1,85MB 3.0.28.2
HP Odometer Hewlett-Packard 22.09.2009 48,0KB 2.10.0000
HP Remote Solution TopSeed 22.09.2009 1.1.9.0
HP Setup Hewlett-Packard 22.09.2009 1.2.3220.3079
HP Support Information Hewlett-Packard 22.09.2009 160KB 10.1.0002
HP Update Hewlett-Packard 22.09.2009 2,96MB 5.001.000.014
Intel® Matrix Storage Manager Intel Corporation 23.05.2012
iTunes Apple Inc. 29.06.2012 184MB 10.6.3.25
Java(TM) 7 Update 5 Oracle 04.07.2012 99,3MB 7.0.50
JavaFX 2.1.1 Oracle Corporation 04.07.2012 20,8MB 2.1.1
LabelPrint CyberLink Corp. 22.09.2009 230MB 2.5.1901
League of Legends Riot Games 29.05.2012 1.02.0000
LightScribe System Software LightScribe 22.09.2009 22,4MB 1.18.5.1
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 29.08.2012 18,7MB 1.62.0.1300
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.05.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.05.2012 2,93MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 15.07.2012 51,9MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 15.07.2012 10,6MB 4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 23.05.2012 87,0MB 12.0.4518.1014
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.05.2012 348KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 22.09.2009 708KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 22.09.2009 788KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.09.2009 596KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 15.07.2012 13,6MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.07.2012 11,1MB 10.0.40219
Microsoft Works Microsoft Corporation 23.05.2012 9.7.0621
MMDoC-PDCLive Launcher Ubisoft 19.08.2012 1.0.1.1
Mozilla Firefox 12.0 (x86 de) Mozilla 23.05.2012 36,1MB 12.0
Mozilla Maintenance Service Mozilla 23.05.2012 214KB 12.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24.05.2012 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.05.2012 1,33MB 4.20.9876.0
NVIDIA Drivers NVIDIA Corporation 22.09.2009 1.4
NVIDIA PhysX NVIDIA Corporation 22.09.2009 119MB 9.09.0428
Pando Media Booster Pando Networks Inc. 28.05.2012 5,46MB 2.6.0.7
Power2Go CyberLink Corp. 22.09.2009 169MB 6.0.3101
PowerDirector CyberLink Corp. 22.09.2009 521MB 7.0.3101
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.09.2009 6.0.1.5882
Smite Closed Beta Hi-Rez Studios 23.06.2012 0.1.1018.0
Square Enix Secure Launcher Square Enix 27.08.2012 1.0.0.104
Steam Valve Corporation 26.05.2012 35,4MB 1.0.0.0
Uninstall AOL Emergency Connect Utility 1.0 31.05.2012
Unity Web Player Unity Technologies ApS 30.07.2012 12,0MB
Viewpoint Media Player 31.05.2012
WinRAR 4.11 (64-Bit) win.rar GmbH 30.05.2012 4.11.0
Edited by Kedoka (29.08.2012 at 19:47) Reason: sorry, I accidentally posted the codes several times |
30.08.2012, 12:40 | #5 | ||
/// Helper team | CPU usage permanently at 20-50%
System cleanup and check:
► Once you have completed all the steps, report back with the requested results! Until then, only get in touch if problems come up!
1. Uninstall: Quote:
Notes on using the freeware version Avira AntiVir Personal: read more here: -> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Who wants this adware on their computer?! Better without Webguard than with adware...
2. Quote:
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - No CLSID value found
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes,DefaultScope = {BAF60B34-BC2D-4D38-BF52-8D31949C6020}
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE485
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{7CC9E4CC-8D7D-4FC5-A0B8-3C2B3C11CD4B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=59675911-666a-4285-8fe3-4a193a56f922&apn_sauid=5121E15B-592C-418B-931F-963DEA89D1AD
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2090540
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3062770422-598456700-373322868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c13933-a4de-11e1-96fd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EPSetup.exe -- [2010.01.18 07:03:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation)
[2012.08.29 20:00:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 17:00:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
3. Update Java via Control Panel -> Check for updates... or: now download the offline version of Java, "recommended version Java(TM) 7 Update 5", from Oracle and install it. Make sure not to install any toolbars that may be offered along with it, i.e. untick the toolbar box during installation. Tip: -> Configuring Java updates
4. Close all programs/windows. Clear the Java cache: Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" as well as "Trace and Log Files" => OK -> How do I clear the Java cache? -> Clear the Java cache -> Short video guide on how to delete the Java cache under Windows 7 and XP.
5. Update: -> Mozilla Firefox -> Help -> via the Help menu -> "About Firefox" Info: -> Update Firefox to the latest version
6. Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it has to be maintained! Even if you do not use it!: -> Tips on Internet Explorer -> Change the default search engine of Explorer -> Change or select a search provider in Internet Explorer 7/8 -> How can I clear the cache in Internet Explorer?
7. Close all programs/windows, then clean your system with CCleaner:
8. Preparation
Scan the PC ONLY online and do NOT install a second antivirus program!!!
9. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! Edited by kira (30.08.2012 at 12:49) |