|
Plagegeister aller Art und deren Bekämpfung: PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere FehlerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.02.2013, 11:25 | #1 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Hallo ihr lieben Helfer, ich habe seit längerem oben genanntes Problem. Mein Rechner ist merklich langsamer geworden, friert des öfteren ein. Meistens ist dies nach dem Hochfahren der Fall, wenn ich verschiedene Programme offen habe. Falls nebenbei Musik läuft, läuft diese nach dem Einfrieren noch kurz weiter. Meistens endet die Musik mit einem verzerrten "Rattern". Entweder kommt dann ein Bluescreen oder es tut sich nichts, bis ich den PC durch Drücken des Start-Knopfes neustarte. Wenn ich Elemente, wie Bilder oder Ähnliches, lösche oder verschiebe, wird dies erst nach Drücken von F5 angezeigt. Desweiteren funktioniert mein DVD bzw CD-Laufwerk nicht mehr, d.h. es liest nichts. Ich benutze MS Windows 7 Home Premium 64-bit sowie Antivir Free. Die Logs poste ich unten. Ich hoffe sehr, ihr könnt mir helfen. Vielen Dank schon einmal im Voraus! Liebe Grüße, Max Defogger wurde durchgeführt. Ging sehr schnell, zeigte mir nach 1-2 Sekunden Finished an. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:57 on 04/02/2013 (Max) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter OTL logfile created on: 04.02.2013 10:14:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 60,00% Memory free 3,75 Gb Paging File | 2,39 Gb Available in Paging File | 63,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335,25 Gb Total Space | 90,10 Gb Free Space | 26,88% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.04 10:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe PRC - [2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.12 04:48:42 | 000,041,864 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Max\AppData\Local\Akamai\netsession_win.exe PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.10.22 01:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.08.30 08:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- c:\Users\Max\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== MOD - [2013.02.02 11:08:19 | 012,459,888 | ---- | M] () -- C:\Users\Max\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll MOD - [2013.01.18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll MOD - [2013.01.18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll MOD - [2013.01.18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll MOD - [2013.01.18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll MOD - [2013.01.18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll MOD - [2012.11.12 04:48:06 | 000,151,408 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 11\zlib.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.11.09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.01.11 15:39:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sk27211/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B C8 BD 9B 6C 28 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2DD1001E-5CA3-4506-9BEF-02355D6B4171} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2DD1001E-5CA3-4506-9BEF-02355D6B4171}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=213.140.115.173:8080;https=213.140.115.173:8080;ftp=213.140.115.173:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.350.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.06.13 14:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.19 21:30:29 | 000,000,933 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\11-suche.xml [2011.05.25 15:10:48 | 000,000,943 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\conduit.xml [2011.12.19 21:30:29 | 000,002,419 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\englische-ergebnisse.xml [2011.12.19 21:30:29 | 000,010,525 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\gmx-suche.xml [2012.01.22 13:56:08 | 000,001,048 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\icqplugin.xml [2011.12.19 21:30:29 | 000,002,457 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\lastminute.xml [2011.12.19 21:30:29 | 000,005,508 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\webde-suche.xml File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Max\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: YouTube = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe (Mindjet) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S4116.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [GoogleChromeAutoLaunch_FB0DCF795F3086C624F9CCAD45E29F3E] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CA9C1A-96EA-46A0-9A1A-FF0D098A6564}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{22293fa3-e107-11e0-ad90-001c4af368f5}\Shell - "" = AutoRun O33 - MountPoints2\{22293fa3-e107-11e0-ad90-001c4af368f5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2b5695c3-95b6-11e0-a8a3-001d920d5226}\Shell - "" = AutoRun O33 - MountPoints2\{2b5695c3-95b6-11e0-a8a3-001d920d5226}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{8ae300b7-944d-11e0-bf7f-001d920d5226}\Shell - "" = AutoRun O33 - MountPoints2\{8ae300b7-944d-11e0-bf7f-001d920d5226}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 10:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.02 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Updater [2013.02.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Illustrator CS2 [2013.02.02 12:58:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.02.02 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Version Cue CS2 [2013.02.02 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe InDesign CS2 [2013.02.02 12:56:08 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Creative Suite 2 [2013.02.02 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Stock Photos [2013.02.02 12:54:38 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Photoshop CS2 [2013.02.02 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Help Center [2013.02.02 12:52:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.02.02 12:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.02.02 12:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.02 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Bridge [2013.02.02 12:24:51 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2 [2013.02.02 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Photoshop CS2 [2013.01.26 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\Max\.freemind [2013.01.26 17:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [2013.01.26 17:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind [2013.01.26 16:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.26 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mindjet [2013.01.25 17:37:38 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll [2013.01.25 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 [2013.01.25 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Eigene Maps [2013.01.25 17:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet [2013.01.25 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet [2013.01.25 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet [2013.01.25 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{250B3DB2-4235-4280-8724-04DB9571543D} [2013.01.22 17:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.22 17:04:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.22 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.16 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\INFO [2013.01.06 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\fontconfig [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\gegl-0.2 [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\.gimp-2.8 [2013.01.06 14:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 10:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.04 09:57:28 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:43 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.04 09:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 09:37:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:37:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:29:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.04 09:29:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2013.02.04 09:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 09:28:49 | 1509,498,880 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 09:24:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.02 17:20:16 | 000,387,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.02 12:52:22 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | M] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 17:01:04 | 000,030,027 | ---- | M] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.26 16:58:31 | 000,001,398 | ---- | M] () -- C:\Users\Max\Desktop\Free YouTube to MP3 Converter.lnk [2013.01.26 16:58:31 | 000,001,239 | ---- | M] () -- C:\Users\Max\Desktop\DVDVideoSoft Free Studio.lnk [2013.01.25 17:36:46 | 000,002,892 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.17 16:01:31 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.17 16:01:31 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.17 16:01:31 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.17 16:01:31 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.17 16:01:31 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 19:45:39 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.06 16:29:01 | 003,919,550 | ---- | M] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | M] () -- C:\Users\Max\Desktop\GIMP 2.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 09:57:28 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:41 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.02 12:59:42 | 000,002,510 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk [2013.02.02 12:58:43 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.02.02 12:56:56 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk [2013.02.02 12:55:11 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.02.02 12:55:10 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.02.02 12:54:18 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.02.02 12:52:22 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.02.02 12:49:52 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | C] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 14:49:45 | 000,030,027 | ---- | C] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.25 17:36:45 | 000,002,892 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.06 16:29:01 | 003,919,550 | ---- | C] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | C] () -- C:\Users\Max\Desktop\GIMP 2.lnk [2013.01.06 14:31:31 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.10.17 12:16:13 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat [2012.06.14 18:54:16 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.01 20:14:42 | 000,003,584 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.28 15:37:14 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.11 18:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.22 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft [2012.03.21 19:54:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Amazon [2012.10.17 09:25:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ambient Design [2012.10.19 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity [2011.07.10 08:49:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Bump Technologies, Inc [2012.06.17 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\CheckPoint [2011.09.09 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.01.26 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft [2013.01.26 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.04 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Epson [2011.08.07 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FreeAudioPack [2012.02.08 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\gtk-2.0 [2012.01.28 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\HandBrake [2012.09.30 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\IrfanView [2012.10.19 15:21:08 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MAGIX [2012.08.20 17:37:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mp3DirectCut [2012.09.30 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\OpenCandy [2011.06.20 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PhotoScape [2012.10.19 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\simplitec [2012.11.10 10:36:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TuneUp Software [2011.07.21 13:51:55 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Unity [2011.09.17 10:06:03 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Vodafone [2012.09.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\WindSolutions [2011.10.11 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.02.2013 10:14:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 60,00% Memory free 3,75 Gb Paging File | 2,39 Gb Available in Paging File | 63,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335,25 Gb Total Space | 90,10 Gb Free Space | 26,88% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0562FC55-446A-4569-9FDB-E024725A0C12}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0A6AE02B-F041-4391-8A6B-6780200FBFB1}" = rport=137 | protocol=17 | dir=out | app=system | "{1502B677-490E-4167-849C-1549EB47494E}" = rport=138 | protocol=17 | dir=out | app=system | "{202B953C-3ED8-4932-B577-4652130470D6}" = rport=139 | protocol=6 | dir=out | app=system | "{25916F89-0C9F-4A11-B4C6-6225B2CEC324}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2A376905-94DA-43A9-8BC9-BEBA86CC4067}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{349FCE89-C11D-4F8A-852E-FD38950E2333}" = lport=137 | protocol=17 | dir=in | app=system | "{48AF4A4B-854B-4A2B-8826-8484D2520154}" = lport=50931 | protocol=6 | dir=in | name=akamai netsession interface | "{89FDF639-2E52-4E46-BB96-7A7850AC0AC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{95D333B6-B868-4669-AD37-59221A83B0F4}" = lport=138 | protocol=17 | dir=in | app=system | "{9E34E4B6-08AE-4FE9-B12F-22B97BB88D80}" = rport=445 | protocol=6 | dir=out | app=system | "{A252D9B5-7EFD-4E01-88AB-E3666D9DCA77}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{A6FBD1CF-C850-41D6-95E6-F82B5E6DD1B8}" = lport=139 | protocol=6 | dir=in | app=system | "{B2E15C5D-2B91-4994-A70A-F1C363F625B7}" = lport=49189 | protocol=6 | dir=in | name=akamai netsession interface | "{B8443382-6DF1-4A2C-BD99-8E7CCEAA72C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA40BA31-983F-49B1-8261-0832CBA2DCCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E9A9B77E-1CE1-4FFC-8EC5-DB2251EE610B}" = lport=445 | protocol=6 | dir=in | app=system | "{F9497A8F-3E07-4A25-B78E-61450E42DC09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02172756-E7D7-4796-82A0-599F3D2CDDF8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1034892A-1DE6-41A9-8CEA-AA7E674F87A4}" = dir=in | app=c:\brickforce\brickforce.exe | "{12C95DAB-4AE2-4525-91C9-C3C4F565AD57}" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "{176A7177-9C0C-4A62-BFA5-971E12D77C6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1AF05288-E097-4488-9AA3-A406CD21EA29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1E24542F-8E2D-4503-B86A-046ED5DD2270}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{29FC6D92-44C4-4AE4-A107-15EFE6D0E84D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3375F8A4-E748-4539-AD4A-63F1B4BE88FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3A417D7D-7A92-486C-9EB7-DD91F6588620}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{41B76F14-BB22-4439-98C8-1FF0524EEC67}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5000E42A-83FB-4B5B-AEC7-75A564C3BD69}" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "{73A80C06-EDCC-41CF-99C8-51B9895DAB3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7A55D981-5376-4F69-8684-65FB2D80BCEA}" = protocol=17 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe | "{8FC1E105-132F-4572-B763-0879B2B78D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9D482553-A0A1-4C06-8ED1-AF6200AC8BA3}" = protocol=6 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe | "{A1CF2A8B-4E15-4AE4-ADF7-B60336169F30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A27AB637-6BEA-4F06-80F4-A904DDD55703}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BACB4912-ED7E-4B2E-A0A5-67E1537E3AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C23D91DA-4D82-42DD-B91C-88C6D433D910}" = dir=in | app=c:\brickforce\bflauncher.exe | "{C359A7EE-D094-463D-8B46-3084CB481A08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA9D4F84-429C-4CE5-BEA3-5E02E8A69FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7F5AEBB-DB8C-4CE7-9C54-4977DE1BDCDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF11F3D6-7F5D-4617-A2F2-BE6881A342E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F192833E-0AC1-40ED-AF3B-3A3097BD758F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FE868C19-BF02-402B-8665-D9261BDA7F67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{67082392-29BE-4CCB-9942-9FF596185E7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{9D5B4D06-9BF1-424E-87B1-A66A92FE5190}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{A9FE419D-82D7-403F-9067-2C39CE7FF320}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "UDP Query User{9874E5FC-E44D-4960-A84B-303FFF261D0C}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "UDP Query User{B839AF53-5504-4253-BE31-769625EDD761}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{CBDA1F1C-248C-4816-8FBD-A175D16D53B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PDF-XChange 3_is1" = PDF-XChange 3 "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{394C2C3E-CA18-4216-B430-ACDD82C26973}" = ArtRage 2 Starter Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life "{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}" = Mindjet "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CloneDVD2" = CloneDVD2 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "EPSON Scanner" = EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.908 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "MyPaint" = MyPaint 1.0.0 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.12.2012 05:18:04 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01cde1b781b60d00 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d1b6c01c-4daa-11e2-a957-001c4af368f5 Error - 24.12.2012 05:18:56 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x1304 Startzeit der fehlerhaften Anwendung: 0x01cde1b7ab6fac99 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f0e8732e-4daa-11e2-a957-001c4af368f5 Error - 25.12.2012 05:55:01 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xe08 Startzeit der fehlerhaften Anwendung: 0x01cde285e13ab283 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 25b4975a-4e79-11e2-bed8-001c4af368f5 Error - 25.12.2012 06:00:07 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cde2868b2ca7a9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: dc2796c0-4e79-11e2-bed8-001c4af368f5 Error - 26.12.2012 09:13:31 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cde36ac546e6b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0acc2d0f-4f5e-11e2-ba51-001c4af368f5 Error - 26.12.2012 09:20:13 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01cde36bb1691b13 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: fac43aad-4f5e-11e2-ba51-001c4af368f5 Error - 27.12.2012 07:46:24 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xeb0 Startzeit der fehlerhaften Anwendung: 0x01cde427c5aef73f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 09d59964-501b-11e2-adfa-001c4af368f5 Error - 27.12.2012 07:48:32 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0x01cde428163f6aa8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5611d367-501b-11e2-adfa-001c4af368f5 Error - 28.12.2012 07:41:48 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0x01cde4f04a4a16d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8fb28746-50e3-11e2-b97e-001c4af368f5 Error - 29.12.2012 07:15:31 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0x01cde5b5c5be435a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0e3b55a7-51a9-11e2-9d50-001c4af368f5 [ System Events ] Error - 03.02.2013 10:08:50 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 03.02.2013 10:23:43 | Computer Name = Max-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?02.?2013 um 15:22:15 unerwartet heruntergefahren. Error - 03.02.2013 10:23:35 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 03.02.2013 10:23:51 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 04.02.2013 04:13:16 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.02.2013 04:13:31 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 04.02.2013 04:24:29 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.02.2013 04:24:44 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 04.02.2013 04:28:48 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.02.2013 04:29:03 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-04 11:02:41 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3360320AS rev.3.AAM 335,35GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Max\AppData\Local\Temp\uwldypow.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001b3900 7 bytes [00, AE, F3, FF, 01, B8, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001b3908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a11401 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a11419 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a11431 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a1144a 2 bytes [A1, 75] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a114dd 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a114f5 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a1150d 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a11525 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a1153d 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a11555 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a1156d 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a11585 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a1159d 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a115b5 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a115cd 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a116b2 2 bytes [A1, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a116bd 2 bytes [A1, 75] ? C:\Windows\system32\mssprxy.dll [2004] entry point in ".rdata" section 0000000074a371e6 .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077acf941 7 bytes {MOV EDX, 0x7f1628; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077acfb85 7 bytes {MOV EDX, 0x7f1668; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077acfbb5 7 bytes {MOV EDX, 0x7f15a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077acfbcd 7 bytes {MOV EDX, 0x7f1528; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077acfbe5 7 bytes {MOV EDX, 0x7f1728; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077acfc15 7 bytes {MOV EDX, 0x7f1768; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077acfc95 7 bytes {MOV EDX, 0x7f16e8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077acfcad 7 bytes {MOV EDX, 0x7f16a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077acfcf9 7 bytes {MOV EDX, 0x7f1468; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077acfdf1 7 bytes {MOV EDX, 0x7f14a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ad0049 7 bytes {MOV EDX, 0x7f1428; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ad1055 7 bytes {MOV EDX, 0x7f15e8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ad10cd 7 bytes {MOV EDX, 0x7f1568; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[3032] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ad12d1 7 bytes {MOV EDX, 0x7f14e8; JMP RDX} ---- Threads - GMER 2.0 ---- Thread C:\Windows\System32\svchost.exe [880:1044] 000007fefb3159a0 Thread C:\Windows\System32\svchost.exe [880:1960] 000007fefd7a1a70 Thread C:\Windows\System32\svchost.exe [880:3012] 000007fef0891dd0 Thread C:\Windows\System32\svchost.exe [880:3936] 000007fef076a2b0 Thread C:\Windows\System32\svchost.exe [880:4552] 000007fef3d47750 Thread C:\Windows\System32\svchost.exe [880:4704] 000007fefbac88f8 Thread C:\Windows\System32\spoolsv.exe [1092:1300] 000007fefa1510c8 Thread C:\Windows\System32\spoolsv.exe [1092:1308] 000007fefa116144 Thread C:\Windows\System32\spoolsv.exe [1092:1312] 000007fef9f05fd0 Thread C:\Windows\System32\spoolsv.exe [1092:1316] 000007fef9ef3438 Thread C:\Windows\System32\spoolsv.exe [1092:1320] 000007fef9f063ec Thread C:\Windows\System32\spoolsv.exe [1092:1328] 000007fefa1f5e5c Thread C:\Windows\System32\spoolsv.exe [1092:1332] 000007fefaa9484c Thread C:\Windows\System32\spoolsv.exe [1092:1596] 0000000001eae0bc Thread C:\Windows\system32\svchost.exe [1404:1768] 000007fefbf13060 Thread C:\Windows\system32\svchost.exe [1404:3996] 000007fefbf15570 Thread C:\Windows\system32\svchost.exe [1404:2944] 000007fef0702888 Thread C:\Windows\system32\svchost.exe [1404:3420] 000007fef06d2940 Thread C:\Windows\system32\svchost.exe [1404:3200] 000007fef0702a40 Thread C:\Windows\SysWOW64\ntdll.dll [3032:3036] 000000000093f680 Thread C:\Windows\SysWOW64\ntdll.dll [3032:3044] 00000000008eede1 Thread C:\Windows\SysWOW64\ntdll.dll [3032:3048] 00000000008eede1 Thread C:\Windows\SysWOW64\ntdll.dll [4488:4484] 000000000093f680 Thread C:\Windows\SysWOW64\ntdll.dll [4488:4480] 00000000008eede1 Thread C:\Windows\SysWOW64\ntdll.dll [4488:4472] 00000000008eede1 ---- EOF - GMER 2.0 ---- |
04.02.2013, 15:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Hallo und
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Anschließend bitte aswMBR und TDSS-Killer ausführen: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ |
04.02.2013, 17:45 | #3 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Hallo cosinus,
__________________erst einmal vielen vielen Dank für die schnelle Hilfe! MBAR hat nichts gefunden, hier der Log: Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.600000 GHz Memory total: 2012667904, free: 947576832 ------------ Kernel report ------------ 02/04/2013 16:51:47 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\ElbyCDIO.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdk8.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\1394ohci.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\fwlanusb.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\rpcrt4.dll \Windows\System32\clbcatq.dll \Windows\System32\lpk.dll \Windows\System32\imm32.dll \Windows\System32\oleaut32.dll \Windows\System32\wininet.dll \Windows\System32\usp10.dll \Windows\System32\msctf.dll \Windows\System32\comdlg32.dll \Windows\System32\nsi.dll \Windows\System32\normaliz.dll \Windows\System32\gdi32.dll \Windows\System32\setupapi.dll \Windows\System32\shell32.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\psapi.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\urlmon.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll \Windows\System32\iertutil.dll \Windows\System32\difxapi.dll \Windows\System32\user32.dll \Windows\System32\imagehlp.dll \Windows\System32\ws2_32.dll \Windows\System32\advapi32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8003b3e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8003b49b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8003b3d060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa8003b49060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8003b39060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa800173db20 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8002644060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80025e8060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.02.04.06 Downloaded database version: v2013.01.23.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8002644060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8002643400, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8002644060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80025c3800, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80025e8060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a002eca9c0, 0xfffffa8002644060, 0xfffffa800178f790 Lower DeviceData: 0xfffff8a002f75a50, 0xfffffa80025e8060, 0xfffffa8001939e40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 444C544E Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 703072256 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 360080695296 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-703262608-703282608)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8003b39060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8003b39b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8003b39060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800173db20, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8003b3d060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8003b3db90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8003b3d060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003b49060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8003b3e060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8003b3eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8003b3e060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003b49b60, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished ======================================= Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-04 17:08:24 ----------------------------- 17:08:25.014 OS Version: Windows x64 6.1.7600 17:08:25.014 Number of processors: 2 586 0x6B01 17:08:25.014 ComputerName: MAX-PC UserName: Max 17:08:26.168 Initialize success 17:10:49.723 AVAST engine defs: 13020400 17:11:15.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 17:11:15.963 Disk 0 Vendor: ST3360320AS 3.AAM Size: 343399MB BusType: 3 17:11:15.978 Disk 0 MBR read successfully 17:11:15.978 Disk 0 MBR scan 17:11:15.994 Disk 0 Windows 7 default MBR code 17:11:16.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:11:16.025 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 343297 MB offset 206848 17:11:16.072 Disk 0 scanning C:\Windows\system32\drivers 17:11:24.200 Service scanning 17:11:43.154 Modules scanning 17:11:43.154 Disk 0 trace - called modules: 17:11:43.169 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 17:11:43.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002644060] 17:11:43.185 3 CLASSPNP.SYS[fffff8800191543f] -> nt!IofCallDriver -> [0xfffffa80025c3800] 17:11:43.185 5 ACPI.sys[fffff88000f19781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80025e8060] 17:11:43.949 AVAST engine scan C:\Windows 17:11:45.525 AVAST engine scan C:\Windows\system32 17:14:36.582 AVAST engine scan C:\Windows\system32\drivers 17:14:46.145 AVAST engine scan C:\Users\Max 17:31:54.398 AVAST engine scan C:\ProgramData 17:32:32.027 Scan finished successfully 17:32:53.945 Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat" 17:32:53.960 The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt" Code:
ATTFilter 17:35:54.0908 5008 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:35:55.0537 5008 ============================================================ 17:35:55.0537 5008 Current date / time: 2013/02/04 17:35:55.0537 17:35:55.0537 5008 SystemInfo: 17:35:55.0537 5008 17:35:55.0537 5008 OS Version: 6.1.7600 ServicePack: 0.0 17:35:55.0537 5008 Product type: Workstation 17:35:55.0537 5008 ComputerName: MAX-PC 17:35:55.0538 5008 UserName: Max 17:35:55.0538 5008 Windows directory: C:\Windows 17:35:55.0538 5008 System windows directory: C:\Windows 17:35:55.0538 5008 Running under WOW64 17:35:55.0538 5008 Processor architecture: Intel x64 17:35:55.0538 5008 Number of processors: 2 17:35:55.0538 5008 Page size: 0x1000 17:35:55.0538 5008 Boot type: Normal boot 17:35:55.0538 5008 ============================================================ 17:35:56.0053 5008 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0x2857C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040 17:35:56.0083 5008 ============================================================ 17:35:56.0083 5008 \Device\Harddisk0\DR0: 17:35:56.0086 5008 MBR partitions: 17:35:56.0086 5008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:35:56.0086 5008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800 17:35:56.0086 5008 ============================================================ 17:35:56.0136 5008 C: <-> \Device\Harddisk0\DR0\Partition2 17:35:56.0137 5008 ============================================================ 17:35:56.0137 5008 Initialize success 17:35:56.0137 5008 ============================================================ 17:36:23.0996 1368 ============================================================ 17:36:23.0996 1368 Scan started 17:36:23.0996 1368 Mode: Manual; SigCheck; TDLFS; 17:36:23.0996 1368 ============================================================ 17:36:24.0511 1368 ================ Scan system memory ======================== 17:36:24.0511 1368 System memory - ok 17:36:24.0511 1368 ================ Scan services ============================= 17:36:24.0636 1368 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 17:36:24.0807 1368 1394ohci - ok 17:36:24.0901 1368 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 17:36:24.0932 1368 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 17:36:24.0963 1368 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 17:36:24.0979 1368 ACPI - ok 17:36:24.0995 1368 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 17:36:25.0041 1368 AcpiPmi - ok 17:36:25.0088 1368 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 17:36:25.0104 1368 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 17:36:25.0104 1368 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 17:36:25.0244 1368 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe 17:36:25.0260 1368 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning 17:36:25.0260 1368 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1) 17:36:25.0369 1368 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:36:25.0385 1368 AdobeFlashPlayerUpdateSvc - ok 17:36:25.0431 1368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:36:25.0447 1368 adp94xx - ok 17:36:25.0463 1368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:36:25.0478 1368 adpahci - ok 17:36:25.0494 1368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:36:25.0509 1368 adpu320 - ok 17:36:25.0541 1368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:36:25.0619 1368 AeLookupSvc - ok 17:36:25.0665 1368 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 17:36:25.0712 1368 AFD - ok 17:36:25.0743 1368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 17:36:25.0759 1368 agp440 - ok 17:36:25.0853 1368 Akamai - ok 17:36:25.0884 1368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:36:25.0899 1368 ALG - ok 17:36:25.0915 1368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 17:36:25.0915 1368 aliide - ok 17:36:25.0977 1368 AMD FUEL Service - ok 17:36:26.0009 1368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 17:36:26.0009 1368 amdide - ok 17:36:26.0040 1368 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 17:36:26.0055 1368 amdiox64 - ok 17:36:26.0102 1368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:36:26.0133 1368 AmdK8 - ok 17:36:26.0149 1368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:36:26.0180 1368 AmdPPM - ok 17:36:26.0227 1368 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:36:26.0243 1368 amdsata - ok 17:36:26.0258 1368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:36:26.0274 1368 amdsbs - ok 17:36:26.0289 1368 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:36:26.0305 1368 amdxata - ok 17:36:26.0399 1368 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:36:26.0414 1368 AntiVirSchedulerService - ok 17:36:26.0445 1368 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:36:26.0461 1368 AntiVirService - ok 17:36:26.0508 1368 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 17:36:26.0539 1368 AppID - ok 17:36:26.0555 1368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:36:26.0617 1368 AppIDSvc - ok 17:36:26.0648 1368 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 17:36:26.0679 1368 Appinfo - ok 17:36:26.0742 1368 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:36:26.0757 1368 Apple Mobile Device - ok 17:36:26.0773 1368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:36:26.0789 1368 arc - ok 17:36:26.0804 1368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:36:26.0820 1368 arcsas - ok 17:36:26.0913 1368 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:36:26.0945 1368 aspnet_state - ok 17:36:26.0976 1368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:36:27.0023 1368 AsyncMac - ok 17:36:27.0054 1368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 17:36:27.0069 1368 atapi - ok 17:36:27.0194 1368 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:36:27.0350 1368 atikmdag - ok 17:36:27.0397 1368 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 17:36:27.0413 1368 AtiPcie - ok 17:36:27.0459 1368 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:36:27.0522 1368 AudioEndpointBuilder - ok 17:36:27.0537 1368 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:36:27.0584 1368 AudioSrv - ok 17:36:27.0631 1368 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:36:27.0647 1368 avgntflt - ok 17:36:27.0662 1368 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:36:27.0678 1368 avipbb - ok 17:36:27.0693 1368 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:36:27.0709 1368 avkmgr - ok 17:36:27.0756 1368 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe 17:36:27.0787 1368 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 17:36:27.0787 1368 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 17:36:27.0834 1368 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys 17:36:27.0834 1368 avmeject - ok 17:36:27.0865 1368 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:36:27.0912 1368 AxInstSV - ok 17:36:27.0943 1368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:36:27.0990 1368 b06bdrv - ok 17:36:28.0021 1368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:36:28.0052 1368 b57nd60a - ok 17:36:28.0083 1368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:36:28.0115 1368 BDESVC - ok 17:36:28.0146 1368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:36:28.0193 1368 Beep - ok 17:36:28.0239 1368 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 17:36:28.0317 1368 BFE - ok 17:36:28.0364 1368 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 17:36:28.0427 1368 BITS - ok 17:36:28.0458 1368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:36:28.0489 1368 blbdrive - ok 17:36:28.0536 1368 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:36:28.0567 1368 Bonjour Service - ok 17:36:28.0583 1368 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:36:28.0614 1368 bowser - ok 17:36:28.0645 1368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:36:28.0676 1368 BrFiltLo - ok 17:36:28.0692 1368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:36:28.0707 1368 BrFiltUp - ok 17:36:28.0754 1368 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 17:36:28.0785 1368 Browser - ok 17:36:28.0817 1368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:36:28.0863 1368 Brserid - ok 17:36:28.0879 1368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:36:28.0910 1368 BrSerWdm - ok 17:36:28.0926 1368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:36:28.0988 1368 BrUsbMdm - ok 17:36:28.0988 1368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:36:29.0004 1368 BrUsbSer - ok 17:36:29.0035 1368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:36:29.0051 1368 BTHMODEM - ok 17:36:29.0097 1368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:36:29.0144 1368 bthserv - ok 17:36:29.0160 1368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:36:29.0222 1368 cdfs - ok 17:36:29.0238 1368 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:36:29.0269 1368 cdrom - ok 17:36:29.0300 1368 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 17:36:29.0363 1368 CertPropSvc - ok 17:36:29.0378 1368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:36:29.0409 1368 circlass - ok 17:36:29.0441 1368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:36:29.0456 1368 CLFS - ok 17:36:29.0519 1368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:36:29.0534 1368 clr_optimization_v2.0.50727_32 - ok 17:36:29.0550 1368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:36:29.0565 1368 clr_optimization_v2.0.50727_64 - ok 17:36:29.0612 1368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:36:29.0628 1368 clr_optimization_v4.0.30319_32 - ok 17:36:29.0628 1368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:36:29.0659 1368 clr_optimization_v4.0.30319_64 - ok 17:36:29.0690 1368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:36:29.0721 1368 CmBatt - ok 17:36:29.0737 1368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 17:36:29.0753 1368 cmdide - ok 17:36:29.0784 1368 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 17:36:29.0831 1368 CNG - ok 17:36:29.0846 1368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:36:29.0862 1368 Compbatt - ok 17:36:29.0862 1368 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:36:29.0893 1368 CompositeBus - ok 17:36:29.0909 1368 COMSysApp - ok 17:36:29.0924 1368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:36:29.0940 1368 crcdisk - ok 17:36:29.0987 1368 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:36:30.0018 1368 CryptSvc - ok 17:36:30.0049 1368 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:36:30.0111 1368 DcomLaunch - ok 17:36:30.0158 1368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:36:30.0205 1368 defragsvc - ok 17:36:30.0236 1368 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:36:30.0283 1368 DfsC - ok 17:36:30.0330 1368 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 17:36:30.0361 1368 Dhcp - ok 17:36:30.0408 1368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:36:30.0470 1368 discache - ok 17:36:30.0501 1368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:36:30.0517 1368 Disk - ok 17:36:30.0533 1368 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:36:30.0564 1368 Dnscache - ok 17:36:30.0611 1368 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 17:36:30.0657 1368 dot3svc - ok 17:36:30.0689 1368 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 17:36:30.0735 1368 DPS - ok 17:36:30.0767 1368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:36:30.0782 1368 drmkaud - ok 17:36:30.0813 1368 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:36:30.0860 1368 DXGKrnl - ok 17:36:30.0891 1368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:36:30.0938 1368 EapHost - ok 17:36:31.0032 1368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:36:31.0141 1368 ebdrv - ok 17:36:31.0172 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 17:36:31.0203 1368 EFS - ok 17:36:31.0250 1368 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:36:31.0297 1368 ehRecvr - ok 17:36:31.0328 1368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:36:31.0375 1368 ehSched - ok 17:36:31.0406 1368 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 17:36:31.0422 1368 ElbyCDIO - ok 17:36:31.0453 1368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:36:31.0484 1368 elxstor - ok 17:36:31.0500 1368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 17:36:31.0547 1368 ErrDev - ok 17:36:31.0593 1368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:36:31.0640 1368 EventSystem - ok 17:36:31.0671 1368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:36:31.0718 1368 exfat - ok 17:36:31.0749 1368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:36:31.0796 1368 fastfat - ok 17:36:31.0827 1368 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 17:36:31.0874 1368 Fax - ok 17:36:31.0905 1368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:36:31.0905 1368 fdc - ok 17:36:31.0921 1368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:36:31.0968 1368 fdPHost - ok 17:36:31.0999 1368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:36:32.0046 1368 FDResPub - ok 17:36:32.0061 1368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:36:32.0077 1368 FileInfo - ok 17:36:32.0093 1368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:36:32.0139 1368 Filetrace - ok 17:36:32.0171 1368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:36:32.0202 1368 flpydisk - ok 17:36:32.0233 1368 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:36:32.0249 1368 FltMgr - ok 17:36:32.0295 1368 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll 17:36:32.0373 1368 FontCache - ok 17:36:32.0420 1368 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:36:32.0436 1368 FontCache3.0.0.0 - ok 17:36:32.0451 1368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:36:32.0467 1368 FsDepends - ok 17:36:32.0498 1368 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:36:32.0498 1368 Fs_Rec - ok 17:36:32.0545 1368 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:36:32.0561 1368 fvevol - ok 17:36:32.0623 1368 [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 17:36:32.0654 1368 FWLANUSB - ok 17:36:32.0670 1368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:36:32.0685 1368 gagp30kx - ok 17:36:32.0717 1368 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:36:32.0732 1368 GEARAspiWDM - ok 17:36:32.0763 1368 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 17:36:32.0810 1368 gpsvc - ok 17:36:32.0888 1368 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:36:32.0904 1368 gupdate - ok 17:36:32.0919 1368 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:36:32.0919 1368 gupdatem - ok 17:36:32.0966 1368 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:36:32.0982 1368 gusvc - ok 17:36:33.0013 1368 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 17:36:33.0029 1368 hamachi - ok 17:36:33.0029 1368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:36:33.0060 1368 hcw85cir - ok 17:36:33.0091 1368 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:36:33.0122 1368 HdAudAddService - ok 17:36:33.0153 1368 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:36:33.0185 1368 HDAudBus - ok 17:36:33.0200 1368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:36:33.0231 1368 HidBatt - ok 17:36:33.0247 1368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:36:33.0278 1368 HidBth - ok 17:36:33.0309 1368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:36:33.0325 1368 HidIr - ok 17:36:33.0372 1368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:36:33.0403 1368 hidserv - ok 17:36:33.0450 1368 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:36:33.0481 1368 HidUsb - ok 17:36:33.0497 1368 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:36:33.0559 1368 hkmsvc - ok 17:36:33.0575 1368 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:36:33.0606 1368 HomeGroupListener - ok 17:36:33.0637 1368 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:36:33.0668 1368 HomeGroupProvider - ok 17:36:33.0684 1368 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 17:36:33.0699 1368 HpSAMD - ok 17:36:33.0731 1368 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:36:33.0793 1368 HTTP - ok 17:36:33.0809 1368 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:36:33.0824 1368 hwpolicy - ok 17:36:33.0840 1368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:36:33.0855 1368 i8042prt - ok 17:36:33.0887 1368 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:36:33.0918 1368 iaStorV - ok 17:36:33.0949 1368 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:36:33.0996 1368 idsvc - ok 17:36:33.0996 1368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:36:34.0011 1368 iirsp - ok 17:36:34.0058 1368 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 17:36:34.0121 1368 IKEEXT - ok 17:36:34.0136 1368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 17:36:34.0152 1368 intelide - ok 17:36:34.0167 1368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:36:34.0199 1368 intelppm - ok 17:36:34.0214 1368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:36:34.0277 1368 IPBusEnum - ok 17:36:34.0308 1368 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:36:34.0339 1368 IpFilterDriver - ok 17:36:34.0386 1368 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:36:34.0448 1368 iphlpsvc - ok 17:36:34.0464 1368 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 17:36:34.0495 1368 IPMIDRV - ok 17:36:34.0526 1368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:36:34.0573 1368 IPNAT - ok 17:36:34.0635 1368 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:36:34.0651 1368 iPod Service - ok 17:36:34.0682 1368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:36:34.0698 1368 IRENUM - ok 17:36:34.0698 1368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 17:36:34.0713 1368 isapnp - ok 17:36:34.0745 1368 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:36:34.0760 1368 iScsiPrt - ok 17:36:34.0760 1368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:36:34.0776 1368 kbdclass - ok 17:36:34.0791 1368 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:36:34.0823 1368 kbdhid - ok 17:36:34.0838 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 17:36:34.0854 1368 KeyIso - ok 17:36:34.0885 1368 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:36:34.0901 1368 KSecDD - ok 17:36:34.0932 1368 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:36:34.0932 1368 KSecPkg - ok 17:36:34.0963 1368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:36:35.0010 1368 ksthunk - ok 17:36:35.0041 1368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:36:35.0088 1368 KtmRm - ok 17:36:35.0135 1368 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:36:35.0166 1368 LanmanServer - ok 17:36:35.0197 1368 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:36:35.0259 1368 LanmanWorkstation - ok 17:36:35.0291 1368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:36:35.0337 1368 lltdio - ok 17:36:35.0369 1368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:36:35.0415 1368 lltdsvc - ok 17:36:35.0431 1368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:36:35.0478 1368 lmhosts - ok 17:36:35.0509 1368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:36:35.0525 1368 LSI_FC - ok 17:36:35.0540 1368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:36:35.0556 1368 LSI_SAS - ok 17:36:35.0571 1368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:36:35.0587 1368 LSI_SAS2 - ok 17:36:35.0603 1368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:36:35.0603 1368 LSI_SCSI - ok 17:36:35.0618 1368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:36:35.0681 1368 luafv - ok 17:36:35.0727 1368 [ B5E86524918EF32B32D1032E0C8E92A3 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys 17:36:35.0743 1368 massfilter - ok 17:36:35.0759 1368 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:36:35.0774 1368 MBAMProtector - ok 17:36:35.0852 1368 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:36:35.0883 1368 MBAMScheduler - ok 17:36:35.0915 1368 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:36:35.0946 1368 MBAMService - ok 17:36:35.0961 1368 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:36:35.0993 1368 Mcx2Svc - ok 17:36:36.0024 1368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:36:36.0039 1368 megasas - ok 17:36:36.0055 1368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:36:36.0071 1368 MegaSR - ok 17:36:36.0102 1368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:36:36.0149 1368 MMCSS - ok 17:36:36.0164 1368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:36:36.0211 1368 Modem - ok 17:36:36.0227 1368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:36:36.0258 1368 monitor - ok 17:36:36.0289 1368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:36:36.0289 1368 mouclass - ok 17:36:36.0305 1368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:36:36.0336 1368 mouhid - ok 17:36:36.0367 1368 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:36:36.0367 1368 mountmgr - ok 17:36:36.0398 1368 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 17:36:36.0398 1368 mpio - ok 17:36:36.0429 1368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:36:36.0461 1368 mpsdrv - ok 17:36:36.0507 1368 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:36:36.0570 1368 MpsSvc - ok 17:36:36.0585 1368 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:36:36.0632 1368 MRxDAV - ok 17:36:36.0663 1368 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:36:36.0679 1368 mrxsmb - ok 17:36:36.0710 1368 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:36:36.0741 1368 mrxsmb10 - ok 17:36:36.0757 1368 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:36:36.0788 1368 mrxsmb20 - ok 17:36:36.0804 1368 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 17:36:36.0819 1368 msahci - ok 17:36:36.0835 1368 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 17:36:36.0851 1368 msdsm - ok 17:36:36.0866 1368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:36:36.0897 1368 MSDTC - ok 17:36:36.0929 1368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:36:36.0975 1368 Msfs - ok 17:36:36.0991 1368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:36:37.0038 1368 mshidkmdf - ok 17:36:37.0038 1368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 17:36:37.0053 1368 msisadrv - ok 17:36:37.0085 1368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:36:37.0131 1368 MSiSCSI - ok 17:36:37.0147 1368 msiserver - ok 17:36:37.0163 1368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:36:37.0209 1368 MSKSSRV - ok 17:36:37.0241 1368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:36:37.0287 1368 MSPCLOCK - ok 17:36:37.0303 1368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:36:37.0365 1368 MSPQM - ok 17:36:37.0381 1368 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:36:37.0397 1368 MsRPC - ok 17:36:37.0412 1368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:36:37.0428 1368 mssmbios - ok 17:36:37.0443 1368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:36:37.0490 1368 MSTEE - ok 17:36:37.0506 1368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:36:37.0537 1368 MTConfig - ok 17:36:37.0568 1368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:36:37.0584 1368 Mup - ok 17:36:37.0631 1368 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 17:36:37.0677 1368 napagent - ok 17:36:37.0709 1368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:36:37.0740 1368 NativeWifiP - ok 17:36:37.0787 1368 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 17:36:37.0833 1368 NDIS - ok 17:36:37.0849 1368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:36:37.0896 1368 NdisCap - ok 17:36:37.0927 1368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:36:37.0974 1368 NdisTapi - ok 17:36:38.0005 1368 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:36:38.0052 1368 Ndisuio - ok 17:36:38.0067 1368 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:36:38.0114 1368 NdisWan - ok 17:36:38.0130 1368 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:36:38.0177 1368 NDProxy - ok 17:36:38.0208 1368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:36:38.0255 1368 NetBIOS - ok 17:36:38.0286 1368 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:36:38.0364 1368 NetBT - ok 17:36:38.0379 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 17:36:38.0395 1368 Netlogon - ok 17:36:38.0426 1368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:36:38.0473 1368 Netman - ok 17:36:38.0535 1368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:36:38.0567 1368 NetMsmqActivator - ok 17:36:38.0582 1368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:36:38.0598 1368 NetPipeActivator - ok 17:36:38.0629 1368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:36:38.0691 1368 netprofm - ok 17:36:38.0723 1368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:36:38.0738 1368 NetTcpActivator - ok 17:36:38.0738 1368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:36:38.0754 1368 NetTcpPortSharing - ok 17:36:38.0785 1368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:36:38.0785 1368 nfrd960 - ok 17:36:38.0816 1368 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:36:38.0863 1368 NlaSvc - ok 17:36:38.0894 1368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:36:38.0941 1368 Npfs - ok 17:36:38.0972 1368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:36:39.0035 1368 nsi - ok 17:36:39.0081 1368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:36:39.0128 1368 nsiproxy - ok 17:36:39.0191 1368 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:36:39.0253 1368 Ntfs - ok 17:36:39.0269 1368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:36:39.0315 1368 Null - ok 17:36:39.0347 1368 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:36:39.0362 1368 nvraid - ok 17:36:39.0393 1368 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:36:39.0393 1368 nvstor - ok 17:36:39.0425 1368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 17:36:39.0440 1368 nv_agp - ok 17:36:39.0503 1368 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:36:39.0534 1368 odserv - ok 17:36:39.0565 1368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 17:36:39.0581 1368 ohci1394 - ok 17:36:39.0627 1368 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:36:39.0643 1368 ose - ok 17:36:39.0659 1368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:36:39.0690 1368 p2pimsvc - ok 17:36:39.0721 1368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:36:39.0737 1368 p2psvc - ok 17:36:39.0768 1368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:36:39.0784 1368 Parport - ok 17:36:39.0815 1368 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:36:39.0830 1368 partmgr - ok 17:36:39.0862 1368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:36:39.0893 1368 PcaSvc - ok 17:36:39.0924 1368 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 17:36:39.0924 1368 pci - ok 17:36:39.0940 1368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 17:36:39.0955 1368 pciide - ok 17:36:39.0971 1368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:36:39.0986 1368 pcmcia - ok 17:36:40.0018 1368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:36:40.0018 1368 pcw - ok 17:36:40.0049 1368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:36:40.0127 1368 PEAUTH - ok 17:36:40.0189 1368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:36:40.0205 1368 PerfHost - ok 17:36:40.0267 1368 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 17:36:40.0345 1368 pla - ok 17:36:40.0376 1368 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:36:40.0408 1368 PlugPlay - ok 17:36:40.0423 1368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:36:40.0439 1368 PNRPAutoReg - ok 17:36:40.0470 1368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:36:40.0486 1368 PNRPsvc - ok 17:36:40.0517 1368 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:36:40.0564 1368 PolicyAgent - ok 17:36:40.0610 1368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:36:40.0673 1368 Power - ok 17:36:40.0704 1368 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:36:40.0766 1368 PptpMiniport - ok 17:36:40.0782 1368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:36:40.0798 1368 Processor - ok 17:36:40.0844 1368 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 17:36:40.0860 1368 ProfSvc - ok 17:36:40.0876 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:36:40.0891 1368 ProtectedStorage - ok 17:36:40.0907 1368 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:36:40.0969 1368 Psched - ok 17:36:41.0016 1368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:36:41.0078 1368 ql2300 - ok 17:36:41.0110 1368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:36:41.0125 1368 ql40xx - ok 17:36:41.0141 1368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:36:41.0172 1368 QWAVE - ok 17:36:41.0203 1368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:36:41.0234 1368 QWAVEdrv - ok 17:36:41.0266 1368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:36:41.0312 1368 RasAcd - ok 17:36:41.0344 1368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:36:41.0375 1368 RasAgileVpn - ok 17:36:41.0390 1368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:36:41.0437 1368 RasAuto - ok 17:36:41.0468 1368 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:36:41.0515 1368 Rasl2tp - ok 17:36:41.0562 1368 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 17:36:41.0624 1368 RasMan - ok 17:36:41.0656 1368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:36:41.0702 1368 RasPppoe - ok 17:36:41.0718 1368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:36:41.0765 1368 RasSstp - ok 17:36:41.0812 1368 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:36:41.0858 1368 rdbss - ok 17:36:41.0874 1368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:36:41.0890 1368 rdpbus - ok 17:36:41.0921 1368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:36:41.0952 1368 RDPCDD - ok 17:36:41.0968 1368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:36:42.0030 1368 RDPENCDD - ok 17:36:42.0046 1368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:36:42.0077 1368 RDPREFMP - ok 17:36:42.0108 1368 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:36:42.0139 1368 RDPWD - ok 17:36:42.0170 1368 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:36:42.0186 1368 rdyboost - ok 17:36:42.0202 1368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:36:42.0248 1368 RemoteAccess - ok 17:36:42.0280 1368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:36:42.0326 1368 RemoteRegistry - ok 17:36:42.0358 1368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:36:42.0420 1368 RpcEptMapper - ok 17:36:42.0451 1368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:36:42.0467 1368 RpcLocator - ok 17:36:42.0498 1368 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 17:36:42.0545 1368 RpcSs - ok 17:36:42.0576 1368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:36:42.0623 1368 rspndr - ok 17:36:42.0670 1368 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 17:36:42.0701 1368 RTL8167 - ok 17:36:42.0716 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 17:36:42.0732 1368 SamSs - ok 17:36:42.0732 1368 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 17:36:42.0748 1368 sbp2port - ok 17:36:42.0779 1368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:36:42.0826 1368 SCardSvr - ok 17:36:42.0857 1368 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:36:42.0904 1368 scfilter - ok 17:36:42.0950 1368 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 17:36:43.0013 1368 Schedule - ok 17:36:43.0044 1368 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:36:43.0091 1368 SCPolicySvc - ok 17:36:43.0106 1368 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:36:43.0153 1368 SDRSVC - ok 17:36:43.0184 1368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:36:43.0231 1368 secdrv - ok 17:36:43.0247 1368 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 17:36:43.0294 1368 seclogon - ok 17:36:43.0309 1368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:36:43.0372 1368 SENS - ok 17:36:43.0387 1368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:36:43.0434 1368 SensrSvc - ok 17:36:43.0450 1368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:36:43.0465 1368 Serenum - ok 17:36:43.0481 1368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:36:43.0512 1368 Serial - ok 17:36:43.0543 1368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:36:43.0559 1368 sermouse - ok 17:36:43.0606 1368 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 17:36:43.0637 1368 SessionEnv - ok 17:36:43.0668 1368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:36:43.0684 1368 sffdisk - ok 17:36:43.0715 1368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:36:43.0730 1368 sffp_mmc - ok 17:36:43.0746 1368 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:36:43.0777 1368 sffp_sd - ok 17:36:43.0793 1368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:36:43.0808 1368 sfloppy - ok 17:36:43.0824 1368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:36:43.0886 1368 SharedAccess - ok 17:36:43.0918 1368 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:36:43.0980 1368 ShellHWDetection - ok 17:36:44.0011 1368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:36:44.0027 1368 SiSRaid2 - ok 17:36:44.0027 1368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:36:44.0042 1368 SiSRaid4 - ok 17:36:44.0074 1368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:36:44.0120 1368 Smb - ok 17:36:44.0167 1368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:36:44.0167 1368 SNMPTRAP - ok 17:36:44.0198 1368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:36:44.0214 1368 spldr - ok 17:36:44.0245 1368 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 17:36:44.0292 1368 Spooler - ok 17:36:44.0370 1368 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 17:36:44.0495 1368 sppsvc - ok 17:36:44.0510 1368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:36:44.0557 1368 sppuinotify - ok 17:36:44.0588 1368 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:36:44.0635 1368 srv - ok 17:36:44.0651 1368 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:36:44.0698 1368 srv2 - ok 17:36:44.0713 1368 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:36:44.0744 1368 srvnet - ok 17:36:44.0776 1368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:36:44.0822 1368 SSDPSRV - ok 17:36:44.0854 1368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:36:44.0900 1368 SstpSvc - ok 17:36:44.0916 1368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:36:44.0932 1368 stexstor - ok 17:36:44.0963 1368 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 17:36:44.0994 1368 stisvc - ok 17:36:45.0010 1368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:36:45.0025 1368 swenum - ok 17:36:45.0041 1368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:36:45.0119 1368 swprv - ok 17:36:45.0166 1368 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 17:36:45.0244 1368 SysMain - ok 17:36:45.0275 1368 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:36:45.0306 1368 TabletInputService - ok 17:36:45.0337 1368 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 17:36:45.0400 1368 TapiSrv - ok 17:36:45.0415 1368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:36:45.0462 1368 TBS - ok 17:36:45.0540 1368 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:36:45.0618 1368 Tcpip - ok 17:36:45.0665 1368 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:36:45.0712 1368 TCPIP6 - ok 17:36:45.0727 1368 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:36:45.0774 1368 tcpipreg - ok 17:36:45.0790 1368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:36:45.0821 1368 TDPIPE - ok 17:36:45.0836 1368 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:36:45.0868 1368 TDTCP - ok 17:36:45.0914 1368 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:36:45.0961 1368 tdx - ok 17:36:45.0977 1368 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:36:45.0992 1368 TermDD - ok 17:36:46.0024 1368 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 17:36:46.0086 1368 TermService - ok 17:36:46.0117 1368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:36:46.0148 1368 Themes - ok 17:36:46.0164 1368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:36:46.0195 1368 THREADORDER - ok 17:36:46.0211 1368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:36:46.0273 1368 TrkWks - ok 17:36:46.0320 1368 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:36:46.0351 1368 TrustedInstaller - ok 17:36:46.0367 1368 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:36:46.0414 1368 tssecsrv - ok 17:36:46.0460 1368 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:36:46.0507 1368 tunnel - ok 17:36:46.0523 1368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:36:46.0538 1368 uagp35 - ok 17:36:46.0570 1368 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:36:46.0616 1368 udfs - ok 17:36:46.0663 1368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:36:46.0694 1368 UI0Detect - ok 17:36:46.0726 1368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 17:36:46.0741 1368 uliagpkx - ok 17:36:46.0757 1368 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:36:46.0788 1368 umbus - ok 17:36:46.0804 1368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:36:46.0835 1368 UmPass - ok 17:36:46.0866 1368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:36:46.0913 1368 upnphost - ok 17:36:46.0944 1368 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:36:46.0975 1368 USBAAPL64 - ok 17:36:46.0991 1368 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:36:47.0022 1368 usbccgp - ok 17:36:47.0053 1368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 17:36:47.0084 1368 usbcir - ok 17:36:47.0100 1368 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:36:47.0116 1368 usbehci - ok 17:36:47.0131 1368 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:36:47.0162 1368 usbhub - ok 17:36:47.0178 1368 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:36:47.0194 1368 usbohci - ok 17:36:47.0225 1368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:36:47.0240 1368 usbprint - ok 17:36:47.0272 1368 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:36:47.0287 1368 usbscan - ok 17:36:47.0303 1368 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:36:47.0318 1368 USBSTOR - ok 17:36:47.0350 1368 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:36:47.0365 1368 usbuhci - ok 17:36:47.0412 1368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:36:47.0459 1368 UxSms - ok 17:36:47.0474 1368 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 17:36:47.0474 1368 VaultSvc - ok 17:36:47.0506 1368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 17:36:47.0521 1368 vdrvroot - ok 17:36:47.0552 1368 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 17:36:47.0599 1368 vds - ok 17:36:47.0615 1368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:36:47.0630 1368 vga - ok 17:36:47.0646 1368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:36:47.0693 1368 VgaSave - ok 17:36:47.0724 1368 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 17:36:47.0740 1368 vhdmp - ok 17:36:47.0755 1368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 17:36:47.0755 1368 viaide - ok 17:36:47.0771 1368 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 17:36:47.0786 1368 volmgr - ok 17:36:47.0818 1368 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:36:47.0833 1368 volmgrx - ok 17:36:47.0864 1368 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:36:47.0896 1368 volsnap - ok 17:36:47.0942 1368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:36:47.0958 1368 vsmraid - ok 17:36:48.0005 1368 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 17:36:48.0083 1368 VSS - ok 17:36:48.0098 1368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:36:48.0114 1368 vwifibus - ok 17:36:48.0145 1368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:36:48.0176 1368 W32Time - ok 17:36:48.0208 1368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:36:48.0223 1368 WacomPen - ok 17:36:48.0254 1368 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:36:48.0317 1368 WANARP - ok 17:36:48.0317 1368 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:36:48.0348 1368 Wanarpv6 - ok 17:36:48.0410 1368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:36:48.0457 1368 WatAdminSvc - ok 17:36:48.0504 1368 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 17:36:48.0582 1368 wbengine - ok 17:36:48.0598 1368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:36:48.0613 1368 WbioSrvc - ok 17:36:48.0644 1368 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:36:48.0676 1368 wcncsvc - ok 17:36:48.0707 1368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:36:48.0738 1368 WcsPlugInService - ok 17:36:48.0754 1368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:36:48.0769 1368 Wd - ok 17:36:48.0800 1368 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:36:48.0847 1368 Wdf01000 - ok 17:36:48.0863 1368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:36:48.0894 1368 WdiServiceHost - ok 17:36:48.0910 1368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:36:48.0941 1368 WdiSystemHost - ok 17:36:48.0972 1368 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 17:36:48.0988 1368 WebClient - ok 17:36:49.0034 1368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:36:49.0081 1368 Wecsvc - ok 17:36:49.0097 1368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:36:49.0144 1368 wercplsupport - ok 17:36:49.0175 1368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:36:49.0222 1368 WerSvc - ok 17:36:49.0253 1368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:36:49.0284 1368 WfpLwf - ok 17:36:49.0300 1368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:36:49.0315 1368 WIMMount - ok 17:36:49.0331 1368 WinDefend - ok 17:36:49.0331 1368 WinHttpAutoProxySvc - ok 17:36:49.0378 1368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:36:49.0424 1368 Winmgmt - ok 17:36:49.0487 1368 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 17:36:49.0596 1368 WinRM - ok 17:36:49.0643 1368 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:36:49.0658 1368 WinUsb - ok 17:36:49.0705 1368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:36:49.0752 1368 Wlansvc - ok 17:36:49.0861 1368 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:36:49.0955 1368 wlidsvc - ok 17:36:49.0970 1368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:36:50.0002 1368 WmiAcpi - ok 17:36:50.0033 1368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:36:50.0064 1368 wmiApSrv - ok 17:36:50.0095 1368 WMPNetworkSvc - ok 17:36:50.0126 1368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:36:50.0158 1368 WPCSvc - ok 17:36:50.0173 1368 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:36:50.0220 1368 WPDBusEnum - ok 17:36:50.0236 1368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:36:50.0298 1368 ws2ifsl - ok 17:36:50.0329 1368 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 17:36:50.0360 1368 wscsvc - ok 17:36:50.0360 1368 WSearch - ok 17:36:50.0454 1368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:36:50.0563 1368 wuauserv - ok 17:36:50.0579 1368 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:36:50.0594 1368 WudfPf - ok 17:36:50.0626 1368 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:36:50.0641 1368 WUDFRd - ok 17:36:50.0672 1368 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:36:50.0704 1368 wudfsvc - ok 17:36:50.0735 1368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:36:50.0782 1368 WwanSvc - ok 17:36:50.0813 1368 X6va008 - ok 17:36:50.0860 1368 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 17:36:50.0860 1368 ZTEusbmdm6k - ok 17:36:50.0891 1368 [ 01CBEEA25AA78C0F0272654048D61F34 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys 17:36:50.0906 1368 ZTEusbnet - ok 17:36:50.0938 1368 [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 17:36:50.0969 1368 ZTEusbnmea - ok 17:36:50.0984 1368 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 17:36:51.0000 1368 ZTEusbser6k - ok 17:36:51.0031 1368 [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys 17:36:51.0047 1368 ZTEusbvoice - ok 17:36:51.0062 1368 ================ Scan global =============================== 17:36:51.0094 1368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:36:51.0109 1368 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll 17:36:51.0125 1368 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll 17:36:51.0140 1368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:36:51.0172 1368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:36:51.0172 1368 [Global] - ok 17:36:51.0172 1368 ================ Scan MBR ================================== 17:36:51.0187 1368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:36:51.0359 1368 \Device\Harddisk0\DR0 - ok 17:36:51.0359 1368 ================ Scan VBR ================================== 17:36:51.0359 1368 [ E2B87011CAB3C5B8B4BBFC441B554D14 ] \Device\Harddisk0\DR0\Partition1 17:36:51.0359 1368 \Device\Harddisk0\DR0\Partition1 - ok 17:36:51.0390 1368 [ EEA57D941366895ECE85AAFC4D0BE42C ] \Device\Harddisk0\DR0\Partition2 17:36:51.0390 1368 \Device\Harddisk0\DR0\Partition2 - ok 17:36:51.0390 1368 ============================================================ 17:36:51.0390 1368 Scan finished 17:36:51.0390 1368 ============================================================ 17:36:51.0406 3000 Detected object count: 3 17:36:51.0406 3000 Actual detected object count: 3 17:37:06.0678 3000 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:06.0678 3000 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:06.0678 3000 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:06.0678 3000 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:06.0678 3000 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:06.0678 3000 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip Liebe Grüße, Max |
04.02.2013, 21:03 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Du hast das falsche Log von MBAR gepostet, system.log sollte gerade nicht gepostet werden - bitte das richtige nachreichen Danach kommt CF dran: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
05.02.2013, 02:10 | #5 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Entschuldige bitte, dass ich das falsche Log gepostet habe. Tut mir echt leid. Hier nun das richtige: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.04.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Max :: MAX-PC [administrator] 04.02.2013 17:03:29 mbar-log-2013-02-04 (17-03-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30207 Time elapsed: 10 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Combofix Logfile: Code:
ATTFilter ComboFix 13-02-03.03 - Max 05.02.2013 1:37.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1919.1023 [GMT 1:00] ausgeführt von:: c:\users\Max\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-05 bis 2013-02-05 )))))))))))))))))))))))))))))) . . 2013-02-05 00:48 . 2013-02-05 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-02 11:59 . 2013-02-02 11:59 -------- d-----w- c:\users\Max\Adobe Illustrator CS2 2013-02-02 11:58 . 2013-02-02 11:58 -------- d-----w- c:\windows\SysWow64\Adobe 2013-02-02 11:58 . 2004-08-17 01:40 16384 ----a-w- c:\windows\SysWow64\FileOps.exe 2013-02-02 11:57 . 2013-02-02 11:58 -------- d-----w- c:\users\Max\Adobe Version Cue CS2 2013-02-02 11:56 . 2013-02-02 11:56 -------- d-----w- c:\users\Max\Adobe InDesign CS2 2013-02-02 11:56 . 2013-02-02 11:56 -------- d-----w- c:\users\Max\Adobe Creative Suite 2 2013-02-02 11:56 . 2013-02-02 11:56 -------- d-----w- c:\users\Max\Adobe Stock Photos 2013-02-02 11:54 . 2013-02-02 11:55 -------- d-----w- c:\users\Max\Adobe Photoshop CS2 2013-02-02 11:54 . 2013-02-02 11:54 -------- d-----w- c:\users\Max\Adobe Help Center 2013-02-02 11:49 . 2013-02-02 11:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared 2013-02-02 11:49 . 2013-02-02 11:49 -------- d-----w- c:\users\Max\Adobe Bridge 2013-02-02 11:24 . 2013-02-02 11:26 -------- d-----w- C:\Creative Suite CS2 2013-01-26 16:41 . 2013-01-26 16:42 -------- d-----w- c:\users\Max\.freemind 2013-01-26 16:41 . 2013-01-26 16:41 -------- d-----w- c:\program files (x86)\FreeMind 2013-01-26 15:58 . 2013-01-26 15:58 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-01-26 12:56 . 2013-01-26 12:56 -------- d-----w- c:\users\Max\AppData\Local\Mindjet 2013-01-25 16:37 . 2006-01-30 07:32 6656 ----a-w- c:\windows\system32\pxc35pm.dll 2013-01-25 16:36 . 2013-01-25 16:36 -------- d-----w- c:\programdata\Mindjet 2013-01-25 16:36 . 2013-01-25 16:36 -------- d-----w- c:\program files (x86)\Mindjet 2013-01-25 16:32 . 2013-01-25 16:32 -------- d-----w- c:\users\Max\AppData\Local\{250B3DB2-4235-4280-8724-04DB9571543D} 2013-01-22 16:04 . 2013-01-22 16:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-22 16:04 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 16:18 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 16:18 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 16:18 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 16:18 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 16:18 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 16:18 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 16:18 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 16:18 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 16:16 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys 2013-01-06 13:33 . 2013-01-06 13:33 -------- d-----w- c:\users\Max\AppData\Local\fontconfig 2013-01-06 13:33 . 2013-01-22 16:24 -------- d-----w- c:\users\Max\.gimp-2.8 2013-01-06 13:33 . 2013-01-06 13:33 -------- d-----w- c:\users\Max\AppData\Local\gegl-0.2 2013-01-06 13:30 . 2013-01-06 13:31 -------- d-----w- c:\program files\GIMP 2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-11 14:39 . 2012-10-28 09:59 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-11 14:39 . 2011-06-14 14:11 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 18:35 . 2011-06-11 18:41 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 16:52 . 2012-12-21 12:41 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-21 12:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 12:41 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-21 12:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:56 . 2013-01-09 16:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-13 17:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 17:19 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 17:19 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 17:19 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 17:19 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 17:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 17:19 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 17:19 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 17:19 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 17:19 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 17:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 17:19 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 17:19 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 17:19 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 17:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 17:19 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 17:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 17:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 17:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 17:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 17:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 17:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:34 . 2012-12-13 17:07 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:49 . 2012-12-13 17:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Max\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "GoogleChromeAutoLaunch_FB0DCF795F3086C624F9CCAD45E29F3E"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "MMReminderService"="c:\program files (x86)\Mindjet\MindManager 11\MMReminderService.exe" [2012-11-12 41864] "Adobe Version Cue CS2"="c:\users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 11776] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 167424] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 150784] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-07 27760] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-07 86224] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-04 09:22 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}] 2012-11-12 03:46 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 11\sys\MmInternetExplorerActiveSetup.vbs . Inhalt des "geplante Tasks" Ordners . 2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 14:39] . 2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 14:46] . 2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 14:46] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.icq.com/sk27211/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>???????????????????????????`??;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local> uInternet Settings,ProxyServer = http=213.140.115.173:8080;https=213.140.115.173:8080;ftp=213.140.115.173:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an Mindjetsenden - c:\program files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll/201 IE: Free YouTube to MP3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Link an Mindjetsenden - c:\program files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll/203 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an Mindjetsenden - c:\program files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll/204 IE: Text an Mindjet senden - c:\program files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll/202 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-05 02:02:57 ComboFix-quarantined-files.txt 2013-02-05 01:02 . Vor Suchlauf: 22 Verzeichnis(se), 104.902.467.584 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 105.275.568.128 Bytes frei . - - End Of File - - F527C292E0F006830649B72356ED7143 |
05.02.2013, 09:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler |
05.02.2013, 11:43 | #7 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler adwCleaner[s1].txt: Code:
ATTFilter # AdwCleaner v2.110 - Datei am 05/02/2013 um 11:18:13 erstellt # Aktualisiert am 03/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Max - MAX-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Max\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\brmx19c5.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\brmx19c5.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\brmx19c5.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Program Files (x86)\search results toolbar Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\ilividtoolbarguid Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\brmx19c5.default\ilividtoolbarguid Ordner Gelöscht : C:\Users\Max\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/sk27211/ --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\brmx19c5.default\prefs.js Gelöscht : user_pref("CT2613550..clientLogIsEnabled", true); Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2613550.CTID", "ct2613550"); Gelöscht : user_pref("CT2613550.CurrentServerDate", "13-6-2011"); Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Mon Jun 13 2011 16:38:45 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedLastCount3082739963941193807", 0); Gelöscht : user_pref("CT2613550.FeedPollDate7861255190875796966", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191286404846", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191690696803", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255191830767423", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192204641884", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192330261614", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192609293799", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255192844976705", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193025486845", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193127848905", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193189289837", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193256322449", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193310202497", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193760634970", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255193813312257", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255194862513855", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedPollDate7861255194875474195", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.FeedTTL7861255190875796966", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255191286404846", 2); Gelöscht : user_pref("CT2613550.FeedTTL7861255191830767423", 30); Gelöscht : user_pref("CT2613550.FeedTTL7861255192609293799", 30); Gelöscht : user_pref("CT2613550.FeedTTL7861255192844976705", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255193256322449", 5); Gelöscht : user_pref("CT2613550.FeedTTL7861255193310202497", 2); Gelöscht : user_pref("CT2613550.FirstServerDate", "13-6-2011"); Gelöscht : user_pref("CT2613550.FirstTime", true); Gelöscht : user_pref("CT2613550.FirstTimeFF3", true); Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2613550.Initialize", true); Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 2); Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2613550.InstalledDate", "Mon Jun 13 2011 16:18:19 GMT+0200"); Gelöscht : user_pref("CT2613550.IsGrouping", false); Gelöscht : user_pref("CT2613550.IsMulticommunity", false); Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2613550.LastLogin_3.3.3.2", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.LatestVersion", "3.3.3.2"); Gelöscht : user_pref("CT2613550.Locale", "de-de"); Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2613550.SavedHomepage", "facebook.de"); Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...] Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Mon Jun 13 2011 16:18:18 GMT+0200"); Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Mon Jun 13 2011 16:18:18 GMT+0200"); Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1306530423"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Mon Jun 13 2011 16:18:18 GMT+0200"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657"); Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550"); Gelöscht : user_pref("CT2613550.UserID", "UN18535297478936497"); Gelöscht : user_pref("CT2613550.alertChannelId", "1006347"); Gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 406); Gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de"); Gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Mon Jun 13 2011 16:18:19 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1306530423"); Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Mon Jun 13 2011 16:18:19 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255344657"); Gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200[...] Gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"[...] Gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Mon Jun 13 2011 16:18:27 GMT+0200"[...] Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Mon Jun 13 2011 16:18:20 GMT+0200"); Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true); Gelöscht : user_pref("CT2613550.myStuffEnabled", true); Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2613550.testingCtid", ""); Gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Mon Jun 13 2011 16:18:19 GMT+0200"); Gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1006347/1002062/DE", "\"0\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2613550/CT2613550[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 13 2011 16:18:20 GMT+02[...] Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 13 2011 16:38:53 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 13 2011 16:18:18 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "4cb619bb-dcc9-41d2-bfd2-d1a7c74b8443"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jun 13 2011 16:18:21 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "b7130c0e-c475-4150-a29c-e09d3b092b0e"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550"); Gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...] Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=[...] -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.12] : homepage = "hxxp://www.searchnu.com/406", Gelöscht [l.1666] : homepage = "hxxp://www.searchnu.com/406", ************************* AdwCleaner[S1].txt - [15088 octets] - [05/02/2013 11:18:13] ########## EOF - C:\AdwCleaner[S1].txt - [15149 octets] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.02.2013 11:24:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 50,74% Memory free 3,75 Gb Paging File | 2,53 Gb Available in Paging File | 67,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335,25 Gb Total Space | 97,95 Gb Free Space | 29,22% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe (Mindjet) PRC - C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - c:\Users\Max\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe () PRC - C:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) PRC - c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Mindjet\MindManager 11\zlib.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (Adobe Version Cue CS2) -- c:\Users\Max\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B C8 BD 9B 6C 28 CC 01 [binary data] IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\..\SearchScopes\{2DD1001E-5CA3-4506-9BEF-02355D6B4171}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes] IE - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=213.140.115.173:8080;https=213.140.115.173:8080;ftp=213.140.115.173:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.350.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.06.13 14:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions [2012.09.16 19:44:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\brmx19c5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.19 21:30:29 | 000,002,419 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\englische-ergebnisse.xml [2011.12.19 21:30:29 | 000,010,525 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\gmx-suche.xml [2011.12.19 21:30:29 | 000,002,457 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\lastminute.xml [2011.12.19 21:30:29 | 000,005,508 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\brmx19c5.default\searchplugins\webde-suche.xml File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Max\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: YouTube = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\Max\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe (Mindjet) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000..\Run: [Akamai NetSession Interface] C:\Users\Max\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000..\Run: [GoogleChromeAutoLaunch_FB0DCF795F3086C624F9CCAD45E29F3E] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Link an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an Mindjetsenden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Text an Mindjet senden - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CA9C1A-96EA-46A0-9A1A-FF0D098A6564}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 11:11:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.05 02:03:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.05 01:34:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.05 01:34:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.05 01:34:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.05 01:34:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.05 01:34:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.05 01:30:41 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe [2013.02.04 17:34:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe [2013.02.04 17:05:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe [2013.02.04 16:51:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\mbar [2013.02.04 10:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.02 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Updater [2013.02.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Illustrator CS2 [2013.02.02 12:58:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.02.02 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Version Cue CS2 [2013.02.02 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe InDesign CS2 [2013.02.02 12:56:08 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Creative Suite 2 [2013.02.02 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Stock Photos [2013.02.02 12:54:38 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Photoshop CS2 [2013.02.02 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Help Center [2013.02.02 12:52:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.02.02 12:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.02.02 12:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.02 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Max\Adobe Bridge [2013.02.02 12:24:51 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2 [2013.02.02 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Photoshop CS2 [2013.01.26 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\Max\.freemind [2013.01.26 17:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [2013.01.26 17:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind [2013.01.26 16:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.26 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mindjet [2013.01.25 17:37:38 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll [2013.01.25 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 [2013.01.25 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Eigene Maps [2013.01.25 17:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet [2013.01.25 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet [2013.01.25 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet [2013.01.25 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{250B3DB2-4235-4280-8724-04DB9571543D} [2013.01.22 17:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.22 17:04:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.22 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.16 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\INFO [2013.01.09 17:18:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 17:18:23 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 17:18:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 17:17:59 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 17:17:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 17:17:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 17:17:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 17:17:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 17:17:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 17:17:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 17:17:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 17:17:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 17:17:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 17:17:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 17:17:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 17:17:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 17:17:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 17:17:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 17:17:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 17:17:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 17:17:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 17:17:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 17:17:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 17:17:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 17:17:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 17:17:50 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 17:17:49 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 17:17:49 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 17:17:47 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 17:17:47 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 17:17:47 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 17:17:47 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 17:17:47 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 17:17:47 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 17:17:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 17:17:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 17:17:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 17:17:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 17:17:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 17:17:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 17:17:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 17:17:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 17:17:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 17:17:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 17:17:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 17:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 17:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 17:17:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 17:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 17:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 17:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 17:17:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 17:17:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 17:17:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 17:17:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 17:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 17:17:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 17:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 17:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 17:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 17:17:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.06 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\fontconfig [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\gegl-0.2 [2013.01.06 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Max\.gimp-2.8 [2013.01.06 14:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 11:28:45 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 11:28:45 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 11:21:48 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.05 11:20:42 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.05 11:20:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 11:20:31 | 1509,498,880 | -HS- | M] () -- C:\hiberfil.sys [2013.02.05 11:16:07 | 000,582,111 | ---- | M] () -- C:\Users\Max\Desktop\adwcleaner.exe [2013.02.05 01:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.05 01:31:14 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe [2013.02.04 17:34:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe [2013.02.04 17:32:53 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat [2013.02.04 17:07:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe [2013.02.04 12:45:00 | 668,156,426 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.04 10:32:33 | 000,365,568 | ---- | M] () -- C:\Users\Max\Desktop\gmer_2.0.18454.exe [2013.02.04 10:11:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.02.04 09:57:28 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:43 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.02 17:20:16 | 000,387,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.02 12:52:22 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | M] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 17:01:04 | 000,030,027 | ---- | M] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.26 16:58:31 | 000,001,398 | ---- | M] () -- C:\Users\Max\Desktop\Free YouTube to MP3 Converter.lnk [2013.01.26 16:58:31 | 000,001,239 | ---- | M] () -- C:\Users\Max\Desktop\DVDVideoSoft Free Studio.lnk [2013.01.25 17:36:46 | 000,002,892 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.17 16:01:31 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.17 16:01:31 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.17 16:01:31 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.17 16:01:31 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.17 16:01:31 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.11 15:39:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.11 15:39:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 19:45:39 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.06 16:29:01 | 003,919,550 | ---- | M] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | M] () -- C:\Users\Max\Desktop\GIMP 2.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.05 11:16:05 | 000,582,111 | ---- | C] () -- C:\Users\Max\Desktop\adwcleaner.exe [2013.02.05 01:34:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.05 01:34:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.05 01:34:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.05 01:34:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.05 01:34:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.04 17:32:53 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat [2013.02.04 12:45:00 | 668,156,426 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.04 10:32:31 | 000,365,568 | ---- | C] () -- C:\Users\Max\Desktop\gmer_2.0.18454.exe [2013.02.04 09:57:28 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable [2013.02.04 09:56:41 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe [2013.02.02 12:59:42 | 000,002,510 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk [2013.02.02 12:58:43 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.02.02 12:56:56 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk [2013.02.02 12:55:11 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.02.02 12:55:10 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.02.02 12:54:18 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.02.02 12:52:22 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.02.02 12:49:52 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.01.26 17:41:12 | 000,001,885 | ---- | C] () -- C:\Users\Max\Desktop\FreeMind.lnk [2013.01.26 14:49:45 | 000,030,027 | ---- | C] () -- C:\Users\Max\Documents\Vernichtung der Tropischen Regenwälder.mmap [2013.01.25 17:36:45 | 000,002,892 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet.lnk [2013.01.22 17:23:34 | 000,005,779 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.01.22 17:04:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.06 16:29:01 | 003,919,550 | ---- | C] () -- C:\Users\Max\Documents\tonystark.xcf [2013.01.06 14:33:39 | 000,000,892 | ---- | C] () -- C:\Users\Max\Desktop\GIMP 2.lnk [2013.01.06 14:31:31 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.10.17 12:16:13 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat [2012.06.14 18:54:16 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.01 20:14:42 | 000,003,584 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.28 15:37:14 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.11 18:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > EXTRAS.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 11:24:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 50,74% Memory free 3,75 Gb Paging File | 2,53 Gb Available in Paging File | 67,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335,25 Gb Total Space | 97,95 Gb Free Space | 29,22% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0562FC55-446A-4569-9FDB-E024725A0C12}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0A6AE02B-F041-4391-8A6B-6780200FBFB1}" = rport=137 | protocol=17 | dir=out | app=system | "{1502B677-490E-4167-849C-1549EB47494E}" = rport=138 | protocol=17 | dir=out | app=system | "{202B953C-3ED8-4932-B577-4652130470D6}" = rport=139 | protocol=6 | dir=out | app=system | "{25916F89-0C9F-4A11-B4C6-6225B2CEC324}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2A376905-94DA-43A9-8BC9-BEBA86CC4067}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{349FCE89-C11D-4F8A-852E-FD38950E2333}" = lport=137 | protocol=17 | dir=in | app=system | "{48AF4A4B-854B-4A2B-8826-8484D2520154}" = lport=50931 | protocol=6 | dir=in | name=akamai netsession interface | "{89FDF639-2E52-4E46-BB96-7A7850AC0AC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{95D333B6-B868-4669-AD37-59221A83B0F4}" = lport=138 | protocol=17 | dir=in | app=system | "{9E34E4B6-08AE-4FE9-B12F-22B97BB88D80}" = rport=445 | protocol=6 | dir=out | app=system | "{A252D9B5-7EFD-4E01-88AB-E3666D9DCA77}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{A6FBD1CF-C850-41D6-95E6-F82B5E6DD1B8}" = lport=139 | protocol=6 | dir=in | app=system | "{B2E15C5D-2B91-4994-A70A-F1C363F625B7}" = lport=49189 | protocol=6 | dir=in | name=akamai netsession interface | "{B8443382-6DF1-4A2C-BD99-8E7CCEAA72C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA40BA31-983F-49B1-8261-0832CBA2DCCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E9A9B77E-1CE1-4FFC-8EC5-DB2251EE610B}" = lport=445 | protocol=6 | dir=in | app=system | "{F9497A8F-3E07-4A25-B78E-61450E42DC09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02172756-E7D7-4796-82A0-599F3D2CDDF8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1034892A-1DE6-41A9-8CEA-AA7E674F87A4}" = dir=in | app=c:\brickforce\brickforce.exe | "{12C95DAB-4AE2-4525-91C9-C3C4F565AD57}" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "{176A7177-9C0C-4A62-BFA5-971E12D77C6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1AF05288-E097-4488-9AA3-A406CD21EA29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1E24542F-8E2D-4503-B86A-046ED5DD2270}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{29FC6D92-44C4-4AE4-A107-15EFE6D0E84D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3375F8A4-E748-4539-AD4A-63F1B4BE88FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3A417D7D-7A92-486C-9EB7-DD91F6588620}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{41B76F14-BB22-4439-98C8-1FF0524EEC67}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5000E42A-83FB-4B5B-AEC7-75A564C3BD69}" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "{73A80C06-EDCC-41CF-99C8-51B9895DAB3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7A55D981-5376-4F69-8684-65FB2D80BCEA}" = protocol=17 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe | "{8FC1E105-132F-4572-B763-0879B2B78D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9D482553-A0A1-4C06-8ED1-AF6200AC8BA3}" = protocol=6 | dir=in | app=c:\users\max\adobe version cue cs2\bin\versioncuecs2.exe | "{A1CF2A8B-4E15-4AE4-ADF7-B60336169F30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A27AB637-6BEA-4F06-80F4-A904DDD55703}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BACB4912-ED7E-4B2E-A0A5-67E1537E3AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C23D91DA-4D82-42DD-B91C-88C6D433D910}" = dir=in | app=c:\brickforce\bflauncher.exe | "{C359A7EE-D094-463D-8B46-3084CB481A08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA9D4F84-429C-4CE5-BEA3-5E02E8A69FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7F5AEBB-DB8C-4CE7-9C54-4977DE1BDCDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF11F3D6-7F5D-4617-A2F2-BE6881A342E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F192833E-0AC1-40ED-AF3B-3A3097BD758F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FE868C19-BF02-402B-8665-D9261BDA7F67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{67082392-29BE-4CCB-9942-9FF596185E7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{9D5B4D06-9BF1-424E-87B1-A66A92FE5190}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{A9FE419D-82D7-403F-9067-2C39CE7FF320}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "UDP Query User{9874E5FC-E44D-4960-A84B-303FFF261D0C}C:\users\max\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\local\akamai\netsession_win.exe | "UDP Query User{B839AF53-5504-4253-BE31-769625EDD761}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{CBDA1F1C-248C-4816-8FBD-A175D16D53B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PDF-XChange 3_is1" = PDF-XChange 3 "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{394C2C3E-CA18-4216-B430-ACDD82C26973}" = ArtRage 2 Starter Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life "{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}" = Mindjet "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CloneDVD2" = CloneDVD2 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "EPSON Scanner" = EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.908 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2015449539-990817979-4152146852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "MyPaint" = MyPaint 1.0.0 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.12.2012 14:30:09 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0x01cde13b8867ed1c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c75a9482-4d2e-11e2-853d-001c4af368f5 Error - 24.12.2012 05:18:04 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01cde1b781b60d00 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d1b6c01c-4daa-11e2-a957-001c4af368f5 Error - 24.12.2012 05:18:56 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x1304 Startzeit der fehlerhaften Anwendung: 0x01cde1b7ab6fac99 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f0e8732e-4daa-11e2-a957-001c4af368f5 Error - 25.12.2012 05:55:01 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xe08 Startzeit der fehlerhaften Anwendung: 0x01cde285e13ab283 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 25b4975a-4e79-11e2-bed8-001c4af368f5 Error - 25.12.2012 06:00:07 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cde2868b2ca7a9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: dc2796c0-4e79-11e2-bed8-001c4af368f5 Error - 26.12.2012 09:13:31 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cde36ac546e6b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0acc2d0f-4f5e-11e2-ba51-001c4af368f5 Error - 26.12.2012 09:20:13 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01cde36bb1691b13 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: fac43aad-4f5e-11e2-ba51-001c4af368f5 Error - 27.12.2012 07:46:24 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xeb0 Startzeit der fehlerhaften Anwendung: 0x01cde427c5aef73f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 09d59964-501b-11e2-adfa-001c4af368f5 Error - 27.12.2012 07:48:32 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0x01cde428163f6aa8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5611d367-501b-11e2-adfa-001c4af368f5 Error - 28.12.2012 07:41:48 | Computer Name = Max-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6ae2 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0x01cde4f04a4a16d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8fb28746-50e3-11e2-b97e-001c4af368f5 [ System Events ] Error - 04.02.2013 11:47:41 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 04.02.2013 20:24:29 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.02.2013 20:24:44 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 04.02.2013 20:34:30 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Version Cue CS2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.02.2013 20:42:06 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 04.02.2013 20:48:44 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.02.2013 06:11:32 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.02.2013 06:11:45 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 Error - 05.02.2013 06:20:29 | Computer Name = Max-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.02.2013 06:20:42 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: %%126 < End of report > |
05.02.2013, 11:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
05.02.2013, 12:46 | #9 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.05.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Max :: MAX-PC [Administrator] 05.02.2013 11:50:18 mbam-log-2013-02-05 (11-50-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221573 Laufzeit: 3 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=143d5d9e45d3ad4f94b842d6632aefaa # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-05 11:41:39 # local_time=2013-02-05 12:41:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1023 16777215 0 0 0 0 0 0 # compatibility_mode=1799 16775165 100 97 8673 225487789 1446 0 # compatibility_mode=5893 16776574 100 94 12685607 112470170 0 0 # scanned=227987 # found=0 # cleaned=0 # scan_time=2303 |
05.02.2013, 13:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
05.02.2013, 13:54 | #11 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Super! Tausend Dank! Da werd ich gleich mal die Einstellungen ändern und mich mal mit den Host Files auseinandersetzen. Soweit scheint vom Betrieb her alles in Ordnung bezüglich des Einfrierens, wobei ich da mal noch eine Weile abwarten werde. Nur ein Problem habe ich noch, und zwar erkennt der Rechner immer noch keine CDs. Wenn ich eine CD oder DVD ins Laufwerk einlege, tut sich nichts. Wenn ich aufs Laufwerk klicke, passiert ebenfalls nichts bzw kommt die Meldung, dass ich eine CD einlegen soll. Kann das denn auch mit einem Virus zusammenhängen? Trotzdem soweit nochmal vielen vielen Dank für die tolle und schnelle Hilfe! |
05.02.2013, 14:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Andere Discs ausprobieren und weitersehen. Ansosnten mal Kabel überprüfen wenn das ein Desktop-PC und kein Notebook ist. Wenn nichts hilft muss ein neues optisches Laufwerk her Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
05.02.2013, 14:21 | #13 |
| PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler Okay, mach ich Super, echt sehr schön!! Dann arbeite ich noch deine Schritte ab und kann endlich wieder beruhigt am PC arbeiten. Nochmals vielen Dank für deine tolle Hilfe! Liebe Grüße, Max |
Themen zu PC friert ein, Musik läuft weiter, manchmal Bluescreen, diverse andere Fehler |
7-zip, akamai, antivir, avira, bho, bluescreen, bonjour, ccc.exe, converter, einfrieren, error, firefox, flash player, google, grand theft auto, helper, home, install.exe, logfile, ntdll.dll, office 2007, plug-in, prozessor, realtek, registry, scan, security, sekunden, senden, software, svchost.exe, tracker, win32k.sys, windows |