| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere FehlerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.02.2013, 11:25
| #1 |
 |  PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Hallo ihr lieben Helfer, ich habe seit längerem oben genanntes Problem. Mein Rechner ist merklich langsamer geworden, friert des öfteren ein. Meistens ist dies nach dem Hochfahren der Fall, wenn ich verschiedene Programme offen habe. Falls nebenbei Musik läuft, läuft diese nach dem Einfrieren noch kurz weiter. Meistens endet die Musik mit einem verzerrten "Rattern". Entweder kommt dann ein Bluescreen oder es tut sich nichts, bis ich den PC durch Drücken des Start-Knopfes neustarte. Wenn ich Elemente, wie Bilder oder Ähnliches, lösche oder verschiebe, wird dies erst nach Drücken von F5 angezeigt. Desweiteren funktioniert mein DVD bzw CD-Laufwerk nicht mehr, d.h. es liest nichts. Ich benutze MS Windows 7 Home Premium 64-bit sowie Antivir Free. Die Logs poste ich unten. Ich hoffe sehr, ihr könnt mir helfen. Vielen Dank schon einmal im Voraus! Liebe Grüße, Max Defogger wurde durchgeführt. Ging sehr schnell, zeigte mir nach 1-2 Sekunden Finished an. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:57 on 04/02/2013 (Max)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 04.02.2013 10:14:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 60,00% Memory free 3,75 Gb Paging File | 2,39 Gb Available in Paging File | 63,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335,25 Gb Total Space | 90,10 Gb Free Space | 26,88% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.04 10:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe PRC - [2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.12 04:48:42 | 000,041,864 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Max\AppData\Local\Akamai\netsession_win.exe PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.10.22 01:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.08.30 08:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- c:\Users\Max\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== MOD - [2013.02.02 11:08:19 | 012,459,888 | ---- | M] () -- C:\Users\Max\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll MOD - [2013.01.18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll MOD - [2013.01.18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll MOD - [2013.01.18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll MOD - [2013.01.18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll MOD - [2013.01.18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll MOD - [2012.11.12 04:48:06 | 000,151,408 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 11\zlib.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.11.09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.01.11 15:39:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sk27211/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B C8 BD 9B 6C 28 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2DD1001E-5CA3-4506-9BEF-02355D6B4171} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2DD1001E-5CA3-4506-9BEF-02355D6B4171}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=213.140.115.173:8080;https=213.140.115.173:8080;ftp=213.140.115.173:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.350.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.06.13 14:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.19 21:30:29 | 000,000,933 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\11-suche.xml [2011.05.25 15:10:48 | 000,000,943 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\conduit.xml [2011.12.19 21:30:29 | 000,002,419 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\englische-ergebnisse.xml [2011.12.19 21:30:29 | 000,010,525 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\gmx-suche.xml [2012.01.22 13:56:08 | 000,001,048 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\icqplugin.xml [2011.12.19 21:30:29 | 000,002,457 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\lastminute.xml [2011.12.19 21:30:29 | 000,005,508 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\webde-suche.xml File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Max\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: YouTube = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe (Mindjet) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S4116.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [GoogleChromeAutoLaunch_FB0DCF795F3086C624F9CCAD45E29F3E] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CA9C1A-96EA-46A0-9A1A-FF0D098A6564}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{22293fa3-e107-11e0-ad90-001c4af368f5}\Shell - "" = AutoRun O33 - MountPoints2\{22293fa3-e107-11e0-ad90-001c4af368f5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2b5695c3-95b6-11e0-a8a3-001d920d5226}\Shell - "" = AutoRun O33 - MountPoints2\{2b5695c3-95b6-11e0-a8a3-001d920d5226}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{8ae300b7-944d-11e0-bf7f-001d920d5226}\Shell - "" = AutoRun O33 - MountPoints2\{8ae300b7-944d-11e0-bf7f-001d920d5226}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 10:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.02 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Updater [2013.02.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Illustrator CS2 [2013.02.02 12:58:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.02.02 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Version Cue CS2 [2013.02.02 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe InDesign CS2 [2013.02.02 12:56:08 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Creative Suite 2 [2013.02.02 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Stock Photos [2013.02.02 12:54:38 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Photoshop CS2 [2013.02.02 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Help Center [2013.02.02 12:52:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.02.02 12:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.02.02 12:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.02 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Bridge [2013.02.02 12:24:51 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2 [2013.02.02 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Photoshop CS2 [2013.01.26 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\Max\.freemind [2013.01.26 17:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [2013.01.26 17:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind [2013.01.26 16:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.26 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mindjet [2013.01.25 17:37:38 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll [2013.01.25 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 [2013.01.25 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Eigene Maps [2013.01.25 17:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet [2013.01.25 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet [2013.01.25 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet [2013.01.25 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{250B3DB2-4235-4280-8724-04DB9571543D} [2013.01.22 17:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.22 17:04:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.22 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.16 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\INFO [2013.01.06 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\fontconfig [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\gegl-0.2 [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\.gimp-2.8 [2013.01.06 14:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 10:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.04 09:57:28 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:43 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.04 09:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 09:37:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:37:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:29:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.04 09:29:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2013.02.04 09:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 09:28:49 | 1509,498,880 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 09:24:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.02 17:20:16 | 000,387,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.02 12:52:22 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | M] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 17:01:04 | 000,030,027 | ---- | M] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.26 16:58:31 | 000,001,398 | ---- | M] () -- C:\Users\Max\Desktop\Free YouTube to MP3 Converter.lnk [2013.01.26 16:58:31 | 000,001,239 | ---- | M] () -- C:\Users\Max\Desktop\DVDVideoSoft Free Studio.lnk [2013.01.25 17:36:46 | 000,002,892 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.17 16:01:31 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.17 16:01:31 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.17 16:01:31 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.17 16:01:31 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.17 16:01:31 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 19:45:39 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.06 16:29:01 | 003,919,550 | ---- | M] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | M] () -- C:\Users\Max\Desktop\GIMP 2.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 09:57:28 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:41 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.02 12:59:42 | 000,002,510 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk [2013.02.02 12:58:43 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.02.02 12:56:56 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk [2013.02.02 12:55:11 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.02.02 12:55:10 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.02.02 12:54:18 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.02.02 12:52:22 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.02.02 12:49:52 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | C] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 14:49:45 | 000,030,027 | ---- | C] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.25 17:36:45 | 000,002,892 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.06 16:29:01 | 003,919,550 | ---- | C] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | C] () -- C:\Users\Max\Desktop\GIMP 2.lnk [2013.01.06 14:31:31 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.10.17 12:16:13 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat [2012.06.14 18:54:16 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.01 20:14:42 | 000,003,584 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.28 15:37:14 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.11 18:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.22 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft [2012.03.21 19:54:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Amazon [2012.10.17 09:25:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ambient Design [2012.10.19 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity [2011.07.10 08:49:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Bump Technologies, Inc [2012.06.17 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\CheckPoint [2011.09.09 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.01.26 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft [2013.01.26 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.04 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Epson [2011.08.07 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FreeAudioPack [2012.02.08 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\gtk-2.0 [2012.01.28 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\HandBrake [2012.09.30 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\IrfanView [2012.10.19 15:21:08 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MAGIX [2012.08.20 17:37:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mp3DirectCut [2012.09.30 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\OpenCandy [2011.06.20 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PhotoScape [2012.10.19 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\simplitec [2012.11.10 10:36:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TuneUp Software [2011.07.21 13:51:55 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Unity [2011.09.17 10:06:03 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Vodafone [2012.09.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\WindSolutions [2011.10.11 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.02.2013 10:14:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 60,00% Memory free
3,75 Gb Paging File | 2,39 Gb Available in Paging File | 63,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 335,25 Gb Total Space | 90,10 Gb Free Space | 26,88% Space Free | Partition Type: NTFS
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0562FC55-446A-4569-9FDB-E024725A0C12}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0A6AE02B-F041-4391-8A6B-6780200FBFB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{1502B677-490E-4167-849C-1549EB47494E}" = rport=138 | protocol=17 | dir=out | app=system |
"{202B953C-3ED8-4932-B577-4652130470D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{25916F89-0C9F-4A11-B4C6-6225B2CEC324}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A376905-94DA-43A9-8BC9-BEBA86CC4067}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{349FCE89-C11D-4F8A-852E-FD38950E2333}" = lport=137 | protocol=17 | dir=in | app=system |
"{48AF4A4B-854B-4A2B-8826-8484D2520154}" = lport=50931 | protocol=6 | dir=in | name=akamai netsession interface |
"{89FDF639-2E52-4E46-BB96-7A7850AC0AC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95D333B6-B868-4669-AD37-59221A83B0F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E34E4B6-08AE-4FE9-B12F-22B97BB88D80}" = rport=445 | protocol=6 | dir=out | app=system |
"{A252D9B5-7EFD-4E01-88AB-E3666D9DCA77}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A6FBD1CF-C850-41D6-95E6-F82B5E6DD1B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2E15C5D-2B91-4994-A70A-F1C363F625B7}" = lport=49189 | protocol=6 | dir=in | name=akamai netsession interface |
"{B8443382-6DF1-4A2C-BD99-8E7CCEAA72C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA40BA31-983F-49B1-8261-0832CBA2DCCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9A9B77E-1CE1-4FFC-8EC5-DB2251EE610B}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9497A8F-3E07-4A25-B78E-61450E42DC09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02172756-E7D7-4796-82A0-599F3D2CDDF8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1034892A-1DE6-41A9-8CEA-AA7E674F87A4}" = dir=in | app=c:\brickforce\brickforce.exe |
"{12C95DAB-4AE2-4525-91C9-C3C4F565AD57}" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe |
"{176A7177-9C0C-4A62-BFA5-971E12D77C6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1AF05288-E097-4488-9AA3-A406CD21EA29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E24542F-8E2D-4503-B86A-046ED5DD2270}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{29FC6D92-44C4-4AE4-A107-15EFE6D0E84D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3375F8A4-E748-4539-AD4A-63F1B4BE88FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3A417D7D-7A92-486C-9EB7-DD91F6588620}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{41B76F14-BB22-4439-98C8-1FF0524EEC67}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5000E42A-83FB-4B5B-AEC7-75A564C3BD69}" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe |
"{73A80C06-EDCC-41CF-99C8-51B9895DAB3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A55D981-5376-4F69-8684-65FB2D80BCEA}" = protocol=17 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe |
"{8FC1E105-132F-4572-B763-0879B2B78D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D482553-A0A1-4C06-8ED1-AF6200AC8BA3}" = protocol=6 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe |
"{A1CF2A8B-4E15-4AE4-ADF7-B60336169F30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A27AB637-6BEA-4F06-80F4-A904DDD55703}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BACB4912-ED7E-4B2E-A0A5-67E1537E3AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C23D91DA-4D82-42DD-B91C-88C6D433D910}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{C359A7EE-D094-463D-8B46-3084CB481A08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA9D4F84-429C-4CE5-BEA3-5E02E8A69FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7F5AEBB-DB8C-4CE7-9C54-4977DE1BDCDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF11F3D6-7F5D-4617-A2F2-BE6881A342E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F192833E-0AC1-40ED-AF3B-3A3097BD758F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FE868C19-BF02-402B-8665-D9261BDA7F67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{67082392-29BE-4CCB-9942-9FF596185E7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{9D5B4D06-9BF1-424E-87B1-A66A92FE5190}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{A9FE419D-82D7-403F-9067-2C39CE7FF320}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9874E5FC-E44D-4960-A84B-303FFF261D0C}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B839AF53-5504-4253-BE31-769625EDD761}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{CBDA1F1C-248C-4816-8FBD-A175D16D53B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{394C2C3E-CA18-4216-B430-ACDD82C26973}" = ArtRage 2 Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}" = Mindjet
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CloneDVD2" = CloneDVD2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"MyPaint" = MyPaint 1.0.0
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.12.2012 05:18:04 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01cde1b781b60d00 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d1b6c01c-4daa-11e2-a957-001c4af368f5
Error - 24.12.2012 05:18:56 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0x1304 Startzeit der fehlerhaften Anwendung: 0x01cde1b7ab6fac99 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f0e8732e-4daa-11e2-a957-001c4af368f5
Error - 25.12.2012 05:55:01 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xe08 Startzeit der fehlerhaften Anwendung: 0x01cde285e13ab283 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 25b4975a-4e79-11e2-bed8-001c4af368f5
Error - 25.12.2012 06:00:07 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cde2868b2ca7a9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: dc2796c0-4e79-11e2-bed8-001c4af368f5
Error - 26.12.2012 09:13:31 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cde36ac546e6b8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0acc2d0f-4f5e-11e2-ba51-001c4af368f5
Error - 26.12.2012 09:20:13 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01cde36bb1691b13 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: fac43aad-4f5e-11e2-ba51-001c4af368f5
Error - 27.12.2012 07:46:24 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xeb0 Startzeit der fehlerhaften Anwendung: 0x01cde427c5aef73f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 09d59964-501b-11e2-adfa-001c4af368f5
Error - 27.12.2012 07:48:32 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0x01cde428163f6aa8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5611d367-501b-11e2-adfa-001c4af368f5
Error - 28.12.2012 07:41:48 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0x01cde4f04a4a16d8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8fb28746-50e3-11e2-b97e-001c4af368f5
Error - 29.12.2012 07:15:31 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften
Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0x01cde5b5c5be435a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0e3b55a7-51a9-11e2-9d50-001c4af368f5
[ System Events ]
Error - 03.02.2013 10:08:50 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 03.02.2013 10:23:43 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?02.?2013 um 15:22:15 unerwartet heruntergefahren.
Error - 03.02.2013 10:23:35 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 03.02.2013 10:23:51 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 04.02.2013 04:13:16 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.02.2013 04:13:31 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 04.02.2013 04:24:29 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.02.2013 04:24:44 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 04.02.2013 04:28:48 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.02.2013 04:29:03 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
< End of report >
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-04 11:02:41
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3360320AS rev.3.AAM 335,35GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Max\AppData\Local\Temp\uwldypow.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001b3900 7 bytes [00, AE, F3, FF, 01, B8, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001b3908 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a11401 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a11419 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a11431 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a1144a 2 bytes [A1, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a114dd 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a114f5 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a1150d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a11525 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a1153d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a11555 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a1156d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a11585 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a1159d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a115b5 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a115cd 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a116b2 2 bytes [A1, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a116bd 2 bytes [A1, 75]
? C:\Windows\system32\mssprxy.dll [2004] entry point in ".rdata" section 0000000074a371e6
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077acf941 7 bytes {MOV EDX, 0x7f1628; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077acfb85 7 bytes {MOV EDX, 0x7f1668; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077acfbb5 7 bytes {MOV EDX, 0x7f15a8; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077acfbcd 7 bytes {MOV EDX, 0x7f1528; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077acfbe5 7 bytes {MOV EDX, 0x7f1728; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077acfc15 7 bytes {MOV EDX, 0x7f1768; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077acfc95 7 bytes {MOV EDX, 0x7f16e8; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077acfcad 7 bytes {MOV EDX, 0x7f16a8; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077acfcf9 7 bytes {MOV EDX, 0x7f1468; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077acfdf1 7 bytes {MOV EDX, 0x7f14a8; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ad0049 7 bytes {MOV EDX, 0x7f1428; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ad1055 7 bytes {MOV EDX, 0x7f15e8; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ad10cd 7 bytes {MOV EDX, 0x7f1568; JMP RDX}
.text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ad12d1 7 bytes {MOV EDX, 0x7f14e8; JMP RDX}
---- Threads - GMER 2.0 ----
Thread C:\Windows\System32\svchost.exe [880:1044] 000007fefb3159a0
Thread C:\Windows\System32\svchost.exe [880:1960] 000007fefd7a1a70
Thread C:\Windows\System32\svchost.exe [880:3012] 000007fef0891dd0
Thread C:\Windows\System32\svchost.exe [880:3936] 000007fef076a2b0
Thread C:\Windows\System32\svchost.exe [880:4552] 000007fef3d47750
Thread C:\Windows\System32\svchost.exe [880:4704] 000007fefbac88f8
Thread C:\Windows\System32\spoolsv.exe [1092:1300] 000007fefa1510c8
Thread C:\Windows\System32\spoolsv.exe [1092:1308] 000007fefa116144
Thread C:\Windows\System32\spoolsv.exe [1092:1312] 000007fef9f05fd0
Thread C:\Windows\System32\spoolsv.exe [1092:1316] 000007fef9ef3438
Thread C:\Windows\System32\spoolsv.exe [1092:1320] 000007fef9f063ec
Thread C:\Windows\System32\spoolsv.exe [1092:1328] 000007fefa1f5e5c
Thread C:\Windows\System32\spoolsv.exe [1092:1332] 000007fefaa9484c
Thread C:\Windows\System32\spoolsv.exe [1092:1596] 0000000001eae0bc
Thread C:\Windows\system32\svchost.exe [1404:1768] 000007fefbf13060
Thread C:\Windows\system32\svchost.exe [1404:3996] 000007fefbf15570
Thread C:\Windows\system32\svchost.exe [1404:2944] 000007fef0702888
Thread C:\Windows\system32\svchost.exe [1404:3420] 000007fef06d2940
Thread C:\Windows\system32\svchost.exe [1404:3200] 000007fef0702a40
Thread C:\Windows\SysWOW64\ntdll.dll [3032:3036] 000000000093f680
Thread C:\Windows\SysWOW64\ntdll.dll [3032:3044] 00000000008eede1
Thread C:\Windows\SysWOW64\ntdll.dll [3032:3048] 00000000008eede1
Thread C:\Windows\SysWOW64\ntdll.dll [4488:4484] 000000000093f680
Thread C:\Windows\SysWOW64\ntdll.dll [4488:4480] 00000000008eede1
Thread C:\Windows\SysWOW64\ntdll.dll [4488:4472] 00000000008eede1
---- EOF - GMER 2.0 ----
|
| Themen zu PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler |
| 7-zip, akamai, antivir, avira, bho, bluescreen, bonjour, ccc.exe, converter, einfrieren, error, firefox, flash player, google, grand theft auto, helper, home, install.exe, logfile, ntdll.dll, office 2007, plug-in, prozessor, realtek, registry, scan, security, sekunden, senden, software, svchost.exe, tracker, win32k.sys, windows |
Baum-Darstellung