|
Log-Analyse und Auswertung: Neuer Fund - TR/Krytik.ailWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.02.2013, 13:18 | #1 |
| Neuer Fund - TR/Krytik.ail So, habe nun einen komplettcheck des Sytems gemacht. Bin gerade etwas in Panik! Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 6. Februar 2013 08:50 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Philipp Computername : PHILIPP-PC Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 05.02.2013 21:29:10 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 05.02.2013 21:29:10 LUKE.DLL : 13.6.0.400 67360 Bytes 05.02.2013 21:29:21 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05.02.2013 21:29:39 AVREG.DLL : 13.6.0.600 250592 Bytes 05.02.2013 21:29:39 avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 21:29:39 avlode.rdf : 13.0.0.36 10917 Bytes 05.02.2013 21:29:39 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:05:27 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 08:12:25 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 09:20:25 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 12:36:50 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 12:36:50 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 12:36:50 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 12:36:50 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 12:36:50 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 12:36:50 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 17:09:22 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 17:09:43 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 08:38:30 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 13:06:26 VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 13:06:27 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 13:06:27 VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 16:49:52 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 16:49:49 VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 19:28:59 VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 19:29:00 VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 19:29:02 VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 20:49:03 VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 14:35:08 VBASE027.VDF : 7.11.59.68 1887744 Bytes 31.01.2013 23:15:56 VBASE028.VDF : 7.11.59.159 431104 Bytes 04.02.2013 17:34:14 VBASE029.VDF : 7.11.59.192 1093120 Bytes 05.02.2013 17:34:15 VBASE030.VDF : 7.11.59.193 2048 Bytes 05.02.2013 17:34:15 VBASE031.VDF : 7.11.59.220 26624 Bytes 06.02.2013 07:39:05 Engineversion : 8.2.10.246 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.07.2012 21:05:32 AESCRIPT.DLL : 8.1.4.86 467323 Bytes 31.01.2013 23:15:58 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 19:35:31 AESBX.DLL : 8.2.5.12 606578 Bytes 19.07.2012 21:05:32 AERDL.DLL : 8.2.0.88 643444 Bytes 13.01.2013 13:06:29 AEPACK.DLL : 8.3.1.2 819574 Bytes 29.12.2012 14:07:26 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 18:53:24 AEHEUR.DLL : 8.1.4.194 5710199 Bytes 02.02.2013 09:27:18 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:47:16 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:29:03 AEEXP.DLL : 8.3.0.18 188789 Bytes 31.01.2013 23:15:58 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.07.2012 21:05:30 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 19:35:30 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 18:53:23 AVWINLL.DLL : 13.4.0.163 25888 Bytes 05.02.2013 21:28:53 AVPREF.DLL : 13.4.0.360 50464 Bytes 05.02.2013 21:29:09 AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 21:29:39 AVARKT.DLL : 13.6.0.402 260384 Bytes 05.02.2013 21:29:04 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 05.02.2013 21:29:05 SQLITE3.DLL : 3.7.0.1 397088 Bytes 05.02.2013 21:29:29 AVSMTP.DLL : 13.4.0.163 62240 Bytes 05.02.2013 21:29:11 NETNT.DLL : 13.4.0.360 15648 Bytes 05.02.2013 21:29:24 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 05.02.2013 21:28:53 RCTEXT.DLL : 13.4.0.360 68384 Bytes 05.02.2013 21:28:53 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: ignorieren Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, F:, N: Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: aus Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +SPR, Beginn des Suchlaufs: Mittwoch, 6. Februar 2013 08:50 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'N:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '143' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'devolonetsvc.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'DTAG.Mediencenter.BackgroundService.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '185' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlservr.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrB.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlbrowser.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'WDDMService.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'iCloudServices.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfcWnd.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'WDFME.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfcmon.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'WDSC.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '131' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '119' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '40' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '3691' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Windows\System32\config\RegBack\SOFTWARE [WARNUNG] Die Datei konnte nicht geöffnet werden! Beginne mit der Suche in 'D:\' <Spiele> Beginne mit der Suche in 'E:\' <Programme> E:\Backup\86e3ff55635dc246b84b34ed2c658b66b75f6154\aa1062cf4f887b86185e08b0cb54d831466d6b31 [0] Archivtyp: ZIP --> Postetikett_Deutsche_Post_AG_DE355-35.exe [FUND] Ist das Trojanische Pferd TR/Krytik.ail [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 59feb30f.qua erstellt ( QUARANTÄNE ) Ende des Suchlaufs: Mittwoch, 6. Februar 2013 12:58 Benötigte Zeit: 4:08:15 Stunde(n) Der Suchlauf wurde abgebrochen! 61888 Verzeichnisse wurden überprüft 1877714 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1877707 Dateien ohne Befall 14083 Archive wurden durchsucht 2 Warnungen 1 Hinweise 140837 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Da ist nun ein weiterer Virus aufgetaucht. Das laufwerk E bzw da wo es gefunden wurde, ist aber mein Backupverzeichnis fürs Iphone. Komisch. ;( Bin gerade etwas Überfordert. Habe auch noch nie was von Postettiketten oder so gehört und mit gemacht. ;( PS: Habe diese .exe Datei nie geöffnet. KAnn ich einfach diesen BAckup Ordner Löschen? Da ich das Backup eh nicht mehr benötige? |
06.02.2013, 13:25 | #2 |
/// Malware-holic | Neuer Fund - TR/Krytik.ail hi
__________________1. wurde der Suchlauf abgebrochen. 2. ist der Fund in einem Backup verzeichniss. 3. was heißt erneuter Fund, wo sind die anderen Meldungen? http://www.trojaner-board.de/125889-...en-posten.html
__________________ |
06.02.2013, 13:48 | #3 |
| Neuer Fund - TR/Krytik.ail Hallo.
__________________Also zu 1) ich habe ihn abgebrochen weil danach nur noch meine Bilder Festplatte kam. Zu 3) neuer Fund meinte ich damit das es im Endeffekt mein erster war. Aber diese Warnung Schon mal hatte. Zu 2) das Backup Verzeichnis ist von iTunes und speichert Backups von iPhone und iPad. Daher frag ich mich wie eine exe in das zip file kommen kann und ob ein löschen diese Backup Verzeichnisses bzw des unterordners das Problem löst. Da sonst kein anderer Virus gefunden wurde in anderen datein Oder Braucht ihr noch mehr Infos. Sorry wenn ich so schnell bin. |
06.02.2013, 13:53 | #4 |
/// Malware-holic | Neuer Fund - TR/Krytik.ail Hi also, die Datei sieht aus, als währe sie von einer Spam mail (sie mussen ein postetiket abholen) oder ähnlich. hast du sowas bekommen und das Archiv runtergeladen?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 13:59 | #5 |
| Neuer Fund - TR/Krytik.ail Soweit ich weiß nicht. Normalerweise lösche ich immer Mails von unbekannt mit Anhang. Aber ich weiß nicht wann das gewesen sein sollte. Vllt habe ich sie auch geöffnet aber nie diese exe. Weil das wurde mir bekannt vorkommen diese lange Name. Und mit Post habe ich eigentlich nix zu tun. Gibt es Denn nun Möglichkeiten das zu löschen? Das Verzeichnis einfach? Weil da steht ja das ihr Datei nicht aus dem Archiv entfernt werden kann. Mich Wundert auch warum die im iPhone Backup Verzeichnis ist. C:/ also meine systemfestplatte ist clean. Außer der Warnung. Oder ist das auch komsich? Oder muss ich direkt c und e formatieren und windows neu aufsetzten? Puuh bin überfragt |
06.02.2013, 14:04 | #6 |
/// Malware-holic | Neuer Fund - TR/Krytik.ail hi wie das ins Backup gekommen ist, kann ich dir leider nicht beantworten, lösch das erst mal und wir gucken uns den PC mal an. Ne bitte hätte ich. Wenn du solche unbekannten Mails bekommst, kannst du die an die Adresse in meiner Signatur weiterleiten, wir benötigen soetwas zur Analyse, und senden dann unbekannte Dateien ein, das hilft allen, ihren Schutz zu verbessern. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ --> Neuer Fund - TR/Krytik.ail |
06.02.2013, 14:10 | #7 |
| Neuer Fund - TR/Krytik.ail Danke Markus für die schnelle Hilfe. Also 1) Backup unterverzeichnisse löschen 2) deinen link bzw Anweisung befolgen und scan. Was mache ich mit der Datei die bei avira in der Quarantäne ist? Auch löschen? 3) dann poste ich das. Bin gerade unterwegs. Bist du heute Abend auch online? Danke |
06.02.2013, 14:11 | #8 |
/// Malware-holic | Neuer Fund - TR/Krytik.ail 1. ja löschen die Datei in Avira quarantäne kannst du da lassen oder löschen, wie du willst. Heute abend bin ich bestimmt online, wenn nicht morgen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 19:10 | #9 |
| Neuer Fund - TR/Krytik.ail HI MArkus, dass ist der LOG ! Habe den Backup Ordner gelöscht. Werde gleich nochmal C und E scanne mit Avira. Code:
ATTFilter OTL logfile created on: 06.02.2013 18:57:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,73% Memory free 15,99 Gb Paging File | 14,01 Gb Available in Paging File | 87,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 102,54 Gb Total Space | 39,24 Gb Free Space | 38,26% Space Free | Partition Type: NTFS Drive D: | 600,59 Gb Total Space | 397,31 Gb Free Space | 66,15% Space Free | Partition Type: NTFS Drive E: | 228,29 Gb Total Space | 202,07 Gb Free Space | 88,52% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 1463,33 Gb Free Space | 78,55% Space Free | Partition Type: NTFS Drive N: | 1397,26 Gb Total Space | 718,35 Gb Free Space | 51,41% Space Free | Partition Type: NTFS Drive Y: | 1851,41 Gb Total Space | 1001,92 Gb Free Space | 54,12% Space Free | Partition Type: NTFS Drive Z: | 1851,41 Gb Total Space | 1001,92 Gb Free Space | 54,12% Space Free | Partition Type: NTFS Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.06 18:54:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe PRC - [2013.02.05 22:29:27 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.05 22:29:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.05 22:29:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.08.29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.07.21 14:11:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.07.21 14:11:31 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.12.23 10:41:36 | 003,304,768 | ---- | M] (devolo AG) -- E:\devolo\dlan\devolonetsvc.exe PRC - [2010.10.05 14:28:12 | 001,060,352 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.02.06 12:55:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.05 22:29:27 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.05 22:29:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.25 15:33:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.21 14:11:42 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.07.21 14:11:31 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- E:\TU2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR) SRV - [2010.12.23 10:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- E:\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.10.05 14:28:12 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010.10.05 14:27:44 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010.10.05 14:25:34 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.05 22:29:38 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.05 22:29:38 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.05 22:29:38 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.29 23:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 15:40:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.08.04 16:54:07 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2010.07.09 12:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:64bit: - [2010.05.15 14:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2010.05.06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- E:\TU2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0) DRV - [2010.06.10 11:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 41 1F AB 2D DF CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8FD9288C-1710-455D-8B3A-BD4F77C8015F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{9C46914A-9243-4EA2-B369-0086C19FB951}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:6765 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: %7BE4091D66-127C-11DB-903A-DE80D2EFDFE8%7D:1.6.5.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: E:\MEdia Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Philipp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: E:\Firefox\components [2013.02.06 12:55:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: E:\Firefox\plugins [2012.05.16 12:51:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: E:\Thunderbird\components [2012.11.06 10:59:50 | 000,000,000 | ---D | M] [2012.12.11 16:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2012.12.11 16:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com [2013.02.06 18:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\l9a3tk22.default\extensions [2012.10.16 17:49:22 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\l9a3tk22.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013.02.01 00:26:11 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\l9a3tk22.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2011.10.13 16:34:47 | 000,000,795 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KeePass 2 PreLoad] E:\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Mit Mipony herunterladen - file://E:\MiPony\Browser\IEContext.htm File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Mit Mipony herunterladen - file://E:\MiPony\Browser\IEContext.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C056057-74C7-463B-AF92-D9F62DCE7CD6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O27:64bit: - HKLM IFEO\crysis.exe: Debugger - E:\TU2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\crysis2.exe: Debugger - E:\TU2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\crysis.exe: Debugger - E:\TU2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\crysis2.exe: Debugger - E:\TU2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.02 02:11:35 | 000,000,000 | RH-D | M] - N:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.17 03:56:50 | 000,000,036 | RH-- | M] () - N:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{343edf80-5f0b-11e1-85ad-485b39caa770}\Shell - "" = AutoRun O33 - MountPoints2\{343edf80-5f0b-11e1-85ad-485b39caa770}\Shell\AutoRun\command - "" = H:\CMADownloader.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.06 18:34:14 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2013.02.05 22:48:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2013.02.05 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.05 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.05 22:48:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.05 22:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.05 22:48:20 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs [2013.02.05 22:36:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira [2013.02.05 22:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.05 22:34:54 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.05 22:34:54 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.05 22:34:54 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.05 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.25 18:07:17 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\SimCity [2013.01.25 18:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™ Closed Beta [2013.01.25 18:05:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.01.22 21:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nike+ Connect [2013.01.21 20:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike [2013.01.21 20:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nike [2013.01.19 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\roomeon [2013.01.19 18:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.01.19 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.01.19 18:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.01.19 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2010.11.26 15:40:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.06 18:21:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.06 18:14:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 18:14:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 18:06:42 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.06 18:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.06 13:21:03 | 000,001,205 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk [2013.02.05 22:48:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 22:35:07 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.05 22:29:38 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.05 22:29:38 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.05 22:29:38 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.31 23:28:19 | 001,785,024 | ---- | M] () -- C:\Users\Philipp\Documents\IMG_2662.JPG [2013.01.31 23:28:06 | 001,560,879 | ---- | M] () -- C:\Users\Philipp\Documents\IMG_2661.JPG [2013.01.31 23:27:26 | 001,797,314 | ---- | M] () -- C:\Users\Philipp\Documents\IMG_2660.JPG [2013.01.30 20:29:29 | 000,071,313 | ---- | M] () -- C:\Users\Philipp\Documents\Detailansicht - Fddb.pdf [2013.01.30 20:27:19 | 000,097,221 | ---- | M] () -- C:\Users\Philipp\Documents\Ernährungstagebuch - Fddb.pdf [2013.01.25 18:05:28 | 000,001,362 | ---- | M] () -- C:\Users\Public\Desktop\SimCity™ Closed Beta.lnk [2013.01.23 21:17:30 | 002,951,647 | -H-- | M] () -- C:\Users\Philipp\Documents\PP11Thumbs.ptn [2013.01.23 21:17:30 | 000,001,523 | -H-- | M] () -- C:\Users\Philipp\Documents\PP11Thumbs.ptn2 [2013.01.23 21:17:29 | 000,002,641 | -H-- | M] () -- C:\Users\Philipp\Documents\maxdesk.ini2 [2013.01.23 21:10:09 | 000,379,490 | ---- | M] () -- C:\Users\Philipp\Documents\Front.pdf [2013.01.23 21:08:57 | 000,401,138 | ---- | M] () -- C:\Users\Philipp\Documents\Von Oben.pdf [2013.01.19 18:28:15 | 000,195,033 | ---- | M] () -- C:\Users\Philipp\Desktop\D 6-8 II.OG Links Grundriss.pdf [2013.01.17 16:57:27 | 000,885,188 | ---- | M] () -- C:\Users\Philipp\Documents\Apologies Example 2.pdf [2013.01.17 16:55:15 | 000,811,906 | ---- | M] () -- C:\Users\Philipp\Documents\Apologie Example.pdf [2013.01.15 22:00:28 | 003,291,487 | ---- | M] () -- C:\Users\Philipp\Documents\Ausweise.pdf [2013.01.15 21:57:33 | 000,403,778 | ---- | M] () -- C:\Users\Philipp\Documents\Bafög 3von3.pdf [2013.01.15 21:56:52 | 000,261,902 | ---- | M] () -- C:\Users\Philipp\Documents\Bafög 2von3.pdf [2013.01.15 21:56:28 | 000,530,984 | ---- | M] () -- C:\Users\Philipp\Documents\Bafög 1von3.pdf [2013.01.15 21:55:06 | 002,640,769 | ---- | M] () -- C:\Users\Philipp\Documents\Mieterselbstauskunft.pdf [2013.01.15 20:04:34 | 004,339,662 | ---- | M] () -- C:\Users\Philipp\Documents\Vodafone 3.pdf [2013.01.15 20:03:30 | 002,144,201 | ---- | M] () -- C:\Users\Philipp\Documents\Vodafone 2.pdf [2013.01.15 20:01:29 | 002,497,212 | ---- | M] () -- C:\Users\Philipp\Documents\Vodafone 1.pdf [2013.01.13 16:31:20 | 000,739,357 | ---- | M] () -- C:\Users\Philipp\Documents\Hirschamnn.pdf [2013.01.10 22:58:04 | 001,629,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.10 22:58:04 | 000,700,858 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.10 22:58:04 | 000,662,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.10 22:58:04 | 000,147,544 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.10 22:58:04 | 000,123,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.10 09:33:47 | 005,010,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.05 22:48:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 22:35:07 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.01 00:24:47 | 001,797,314 | ---- | C] () -- C:\Users\Philipp\Documents\IMG_2660.JPG [2013.02.01 00:24:47 | 001,785,024 | ---- | C] () -- C:\Users\Philipp\Documents\IMG_2662.JPG [2013.02.01 00:24:47 | 001,560,879 | ---- | C] () -- C:\Users\Philipp\Documents\IMG_2661.JPG [2013.01.30 20:29:29 | 000,071,313 | ---- | C] () -- C:\Users\Philipp\Documents\Detailansicht - Fddb.pdf [2013.01.30 20:27:18 | 000,097,221 | ---- | C] () -- C:\Users\Philipp\Documents\Ernährungstagebuch - Fddb.pdf [2013.01.25 18:05:28 | 000,001,362 | ---- | C] () -- C:\Users\Public\Desktop\SimCity™ Closed Beta.lnk [2013.01.23 21:09:21 | 000,379,490 | ---- | C] () -- C:\Users\Philipp\Documents\Front.pdf [2013.01.23 21:08:07 | 000,401,138 | ---- | C] () -- C:\Users\Philipp\Documents\Von Oben.pdf [2013.01.19 18:28:14 | 000,195,033 | ---- | C] () -- C:\Users\Philipp\Desktop\D 6-8 II.OG Links Grundriss.pdf [2013.01.17 16:57:26 | 000,885,188 | ---- | C] () -- C:\Users\Philipp\Documents\Apologies Example 2.pdf [2013.01.17 16:55:15 | 000,811,906 | ---- | C] () -- C:\Users\Philipp\Documents\Apologie Example.pdf [2013.01.15 22:00:25 | 003,291,487 | ---- | C] () -- C:\Users\Philipp\Documents\Ausweise.pdf [2013.01.15 21:57:33 | 000,403,778 | ---- | C] () -- C:\Users\Philipp\Documents\Bafög 3von3.pdf [2013.01.15 21:56:51 | 000,261,902 | ---- | C] () -- C:\Users\Philipp\Documents\Bafög 2von3.pdf [2013.01.15 21:56:28 | 000,530,984 | ---- | C] () -- C:\Users\Philipp\Documents\Bafög 1von3.pdf [2013.01.15 21:54:58 | 002,640,769 | ---- | C] () -- C:\Users\Philipp\Documents\Mieterselbstauskunft.pdf [2013.01.15 20:04:32 | 004,339,662 | ---- | C] () -- C:\Users\Philipp\Documents\Vodafone 3.pdf [2013.01.15 20:03:29 | 002,144,201 | ---- | C] () -- C:\Users\Philipp\Documents\Vodafone 2.pdf [2013.01.15 20:01:27 | 002,497,212 | ---- | C] () -- C:\Users\Philipp\Documents\Vodafone 1.pdf [2013.01.13 16:31:18 | 000,739,357 | ---- | C] () -- C:\Users\Philipp\Documents\Hirschamnn.pdf [2012.10.08 15:40:55 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat [2012.07.21 14:11:33 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.21 14:11:31 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.07.21 14:11:31 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.06.08 09:45:51 | 000,000,600 | ---- | C] () -- C:\Users\Philipp\AppData\Local\PUTTY.RND [2012.06.06 18:40:33 | 000,000,352 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Network Meter_Settings.ini [2012.05.09 13:03:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.21 13:06:54 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.20 17:06:57 | 000,000,861 | ---- | C] () -- C:\Users\Philipp\.recently-used.xbel [2011.12.03 13:26:25 | 000,000,032 | ---- | C] () -- C:\Users\Philipp\.simfy [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.10 23:53:59 | 000,000,021 | ---- | C] () -- C:\Users\Philipp\AppData\Local\mc.pixel.data [2011.08.18 11:38:43 | 000,000,053 | ---- | C] () -- C:\Windows\DVDFab.INI [2011.08.18 10:59:09 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.04.06 18:20:34 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.26 15:40:24 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\inst.exe [2010.11.26 15:40:24 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.cat [2010.11.26 15:40:24 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf [2010.08.17 21:52:37 | 000,007,598 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.04.15 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Amazon [2010.11.06 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AnvSoft [2011.07.29 18:45:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ashampoo [2011.05.11 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\avidemux [2010.12.17 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\calibre [2012.09.04 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.05.14 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Day 1 Studios [2012.07.31 18:09:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DiskAid [2013.02.05 23:51:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2012.06.08 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDFab [2012.10.10 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft [2012.07.21 11:50:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.13 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\e-academy Inc [2012.11.28 18:42:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Electronic Arts [2012.12.11 16:55:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Flickr [2012.11.15 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeFileSync [2012.01.15 16:08:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Garmin [2012.10.19 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GetRightToGo [2012.03.07 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GHISLER [2011.12.20 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2012.03.08 15:17:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HandBrake [2013.02.05 22:51:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\KeePass [2011.03.18 15:57:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAGIX [2011.05.11 14:48:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MioNetApplet [2010.08.09 16:19:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Miranda [2010.11.15 16:23:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mp3tag [2012.07.02 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\NeoDownloader [2011.05.19 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Neoretix [2010.08.04 20:26:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org [2012.12.14 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin [2011.05.10 15:06:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PMS [2012.05.09 13:27:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Red Alert 3 [2010.11.04 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ScanSoft [2011.09.21 12:57:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Simfy [2011.02.10 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony [2013.02.05 14:46:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Spotify [2012.09.04 21:00:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.09.05 15:24:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2012.07.19 13:23:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software [2012.10.19 00:06:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft [2011.07.11 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ulead Systems [2010.11.26 15:57:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso [2011.09.11 01:24:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WDC [2011.07.20 15:05:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Xilisoft [2011.07.20 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.04 17:05:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.03.06 14:37:40 | 000,000,000 | ---D | M] -- C:\AMD [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.04 16:49:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.07.02 10:55:47 | 000,000,000 | ---D | M] -- C:\Downloads [2012.01.15 16:05:30 | 000,000,000 | ---D | M] -- C:\Garmin [2011.09.19 16:26:45 | 000,000,000 | -H-D | M] -- C:\jexepackres [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.12 10:51:43 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.06 08:41:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.05 22:48:28 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.08.04 16:49:30 | 000,000,000 | -HSD | M] -- C:\Programme [2010.08.04 16:49:30 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.06 18:58:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.18 11:00:27 | 000,000,000 | ---D | M] -- C:\Temp [2011.04.08 16:41:25 | 000,000,000 | R--D | M] -- C:\Users [2012.05.08 10:56:51 | 000,000,000 | ---D | M] -- C:\Westwood [2013.02.06 18:34:14 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.20 17:22:13 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.01.20 17:22:14 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.20 17:06:57 | 000,000,861 | ---- | M] () -- C:\Users\Philipp\.recently-used.xbel [2011.12.03 13:26:25 | 000,000,032 | ---- | M] () -- C:\Users\Philipp\.simfy [2013.02.06 19:06:22 | 004,718,592 | ---- | M] () -- C:\Users\Philipp\NTUSER.DAT [2013.02.06 19:06:22 | 000,262,144 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG1 [2010.08.04 16:49:38 | 000,000,000 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG2 [2011.11.12 15:32:04 | 000,000,000 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT_tureg_new.LOG1 [2011.11.12 15:32:04 | 000,000,000 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT_tureg_new.LOG2 [2011.11.12 15:29:39 | 003,670,016 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT_tureg_old [2010.08.04 16:58:09 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.08.04 16:58:09 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.08.04 16:58:09 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.01.08 21:10:25 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{dd7c8962-0d3a-11e1-9330-806e6f6e6963}.TM.blf [2013.01.08 21:10:25 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{dd7c8962-0d3a-11e1-9330-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2011.11.12 17:32:03 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{dd7c8962-0d3a-11e1-9330-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.08.04 16:49:38 | 000,000,020 | -HS- | M] () -- C:\Users\Philipp\ntuser.ini [2010.11.04 16:26:28 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.02.2013 18:57:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,73% Memory free 15,99 Gb Paging File | 14,01 Gb Available in Paging File | 87,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 102,54 Gb Total Space | 39,24 Gb Free Space | 38,26% Space Free | Partition Type: NTFS Drive D: | 600,59 Gb Total Space | 397,31 Gb Free Space | 66,15% Space Free | Partition Type: NTFS Drive E: | 228,29 Gb Total Space | 202,07 Gb Free Space | 88,52% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 1463,33 Gb Free Space | 78,55% Space Free | Partition Type: NTFS Drive N: | 1397,26 Gb Total Space | 718,35 Gb Free Space | 51,41% Space Free | Partition Type: NTFS Drive Y: | 1851,41 Gb Total Space | 1001,92 Gb Free Space | 54,12% Space Free | Partition Type: NTFS Drive Z: | 1851,41 Gb Total Space | 1001,92 Gb Free Space | 54,12% Space Free | Partition Type: NTFS Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002CD28C-43CD-41C2-AC54-8FD00616560F}" = rport=445 | protocol=6 | dir=out | app=system | "{005A7D2A-33B2-42B5-81E3-8EABD2246C93}" = lport=19376 | protocol=6 | dir=in | app=e:\devolo\dlan\devolonetsvc.exe | "{019431D0-B83F-4350-B29D-7FD2E1D300B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{03A0A7DE-00E4-4344-95E3-0419F8E0A67A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3515D9E8-AC8F-4C36-A627-461FA83B0546}" = lport=138 | protocol=17 | dir=in | app=system | "{49963E26-F1EE-47A7-9FD7-B889186B23DC}" = rport=139 | protocol=6 | dir=out | app=system | "{6CB90565-DE27-4145-AA3D-9796E0E44E15}" = rport=137 | protocol=17 | dir=out | app=system | "{800A0227-DD2F-41D2-BFA4-82B3F8CF5C0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{95C46DE1-1F3E-4771-8BAF-B6D2E1D7C5A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A0E57F06-0177-4B0D-A47E-F310BC599EF5}" = lport=139 | protocol=6 | dir=in | app=system | "{CF42B5AF-90A5-454F-9D27-E3EC3E536FE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DBF21710-3D95-4695-B363-5E65E56D4861}" = rport=138 | protocol=17 | dir=out | app=system | "{E4B38869-85ED-440F-A231-C430E976FEEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EB908E25-7EE6-40F4-B2F3-9E69332214D1}" = lport=137 | protocol=17 | dir=in | app=system | "{EDD30D19-6981-4C9E-89A2-FD1C5E960AA2}" = lport=445 | protocol=6 | dir=in | app=system | "{FA335EA1-623F-4774-8EBB-F3C60857DC23}" = lport=19375 | protocol=17 | dir=in | app=e:\devolo\dlan\devolonetsvc.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{022D7FC0-7388-4973-AEC4-12F2B3093552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{02899F53-C6AD-4FA0-A7A1-0897872484B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{041B91F3-191F-4532-8A44-E58750F08836}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{050A4E2C-6322-4C89-9D34-29D81E1CE02A}" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | "{077417DA-E5BE-4BBC-A3E0-BD2A29CE00A4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{0DDD459E-0088-4B56-AA4F-11001E113E32}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{15897151-B111-4245-9AAC-1926B9902D02}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{176A5FF9-140B-42D9-9686-2B20B0133937}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\just cause 2\justcause2.exe | "{1A5E173C-03A9-4DCD-94EB-2222BCB5EE48}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | "{1D2FDB0F-FCF5-4345-BBF1-9A1C83633CA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1D311DEC-E0AC-4B02-A99A-8A9AA3441D9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{22A746E6-7C9D-4479-AD14-F93C7E88A25B}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe | "{26DF899D-A859-4909-BBD6-78F4D9085338}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | "{33A9BA51-0670-41E1-B957-431B90C7166B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{33EDA1ED-ECE4-45B8-8EB6-B479678E974C}" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | "{36DCC582-2DD6-4C1E-B28F-66B02C505187}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{38ED96E3-2EF5-4BBD-9302-BC61E611FDBD}" = protocol=6 | dir=in | app=d:\crysis\bin32\crysis.exe | "{3E8D04BB-5675-4773-A640-4AEE3BE7A893}" = protocol=17 | dir=in | app=e:\airvideoserver\airvideoserver.exe | "{3F77D79E-B4F3-4BC1-B84A-3E2C8781F88E}" = protocol=17 | dir=in | app=d:\crysis\bin32\crysisdedicatedserver.exe | "{435D668D-A8F6-4081-9673-E7C387CBD673}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | "{46A9F612-E09D-4B2C-BEE7-195AF6AC8442}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4C72C985-A418-4DC1-9109-06948F710FFF}" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16939\sc2.exe | "{4E882BDE-12EB-4243-8913-CA73AD883F17}" = protocol=6 | dir=in | app=d:\crysis\bin64\crysisdedicatedserver.exe | "{4EA4F713-ABE5-41CF-849B-04BA6612C457}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{507DBCD6-5BAC-4045-996A-26D1A18DCDC5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2editor.exe | "{50CE345B-85DD-445B-80F9-21A4CC694B5F}" = protocol=6 | dir=in | app=e:\airvideoserver\airvideoserver.exe | "{51B55FFB-EB37-4551-88E0-90C7B641EFD7}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe | "{556AA3C0-45A6-4DA5-81F6-5C11C8882D5D}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe | "{5C9A5261-FD7E-4C48-A418-36E609A7EBAD}" = protocol=17 | dir=in | app=d:\starcraft ii eng\starcraft ii public test.exe | "{5DCD7043-0271-4DED-8AB3-7D27AAEFABA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5DE5004B-6870-4E55-BA24-BA25DE0CD03E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{5F3A45E0-D88D-4CC8-BBFA-111322B55905}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{6284DB80-17B6-4F81-B982-F705627F2CC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{695440B5-E944-4C64-90DF-C827A7D9B90C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{697F8B93-3E8C-4275-927E-55E91E477325}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe | "{7586661B-4A62-4F4C-A640-4F93B2066EFB}" = protocol=6 | dir=in | app=d:\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "{75DAC385-15B8-4472-92E4-8767FC29C42D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7F52A43A-2E4C-435A-9139-6FEBAFC36F39}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8695D240-F226-4ED0-B0B7-8F9E78B8C5CE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | "{89045D55-A593-4212-8039-CF6521A09AFD}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | "{8A1F6353-77BD-401A-A092-8D3F5D32B3C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8D75C52D-187A-44CE-B1C2-2DFEDAC68DC5}" = protocol=17 | dir=in | app=d:\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "{90ABFCCE-4058-4248-81AA-D47D43FFF714}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | "{91FD4686-EA17-4207-A1A1-6B46B254DC39}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{92184F24-7842-4B25-A21F-B3F479CFE490}" = protocol=17 | dir=in | app=d:\crysis\bin64\crysisdedicatedserver.exe | "{92D9F48C-071A-4615-AAD9-12F9CBB57307}" = protocol=6 | dir=in | app=d:\crysis\bin32\crysisdedicatedserver.exe | "{9793614B-8C29-4B4E-9BA4-5EF30D8FD70A}" = protocol=6 | dir=in | app=d:\max payne 3\playmaxpayne3.exe | "{991FCB4A-7439-4E11-9D45-DEB0C7A1BB95}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity closed beta\simcity\simcity.exe | "{9ADADB22-3611-4238-B452-DA0EE669ADB4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9CC4CF8B-A88E-481A-AA60-55612A0A3746}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{9E12EABC-ACE8-44DA-BBFF-CE7A4E55C54B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{A1DFC1DB-E3BF-41AF-B3F8-E988314D6E3A}" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base17326\sc2.exe | "{A2A5673C-58D9-4CBA-A6FF-C8C97CD90DAC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{A2B0EB59-6165-4E18-8152-9DFE81AC407E}" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16939\sc2.exe | "{A3864292-A35B-451F-B493-30DC52C2DB0A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A46BE017-1D23-4DFD-A24C-7F87E7BBBCAC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | "{A626D73B-7D41-43B5-A61D-E780C62D8CA1}" = protocol=17 | dir=in | app=d:\starcraft ii eng\starcraft ii.exe | "{A8BDAFF2-28AF-437A-9F4D-313974D02609}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{AAAB00DF-6DCD-4990-9F74-3E0DD09A3E63}" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | "{B217E9EA-EFCF-428B-B883-3C3BBF938F76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B5CBD722-24D4-4B15-931F-56918DEC7576}" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base17326\sc2.exe | "{B8632BE2-2462-43DA-B3B8-946909AEBCF3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\fc2editor.exe | "{B945A59B-8F28-4650-89AD-7A4E8D9CD27A}" = protocol=17 | dir=in | app=d:\max payne 3\playmaxpayne3.exe | "{B961AAD8-CE38-4672-A191-58DA251BDCE5}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{BC1EA6C4-411A-49D2-BC24-71EB4F387D2D}" = protocol=6 | dir=in | app=e:\airvideoserver\airvideoserver.exe | "{BD19A9E4-A4BC-48A8-8854-3DD54C9853A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BDBA1D2B-25EF-427B-B6A3-D52679115B09}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\just cause 2\justcause2.exe | "{C18D4926-FC75-4B80-B81C-24888385E389}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | "{C557C145-7679-4CE9-8A32-F147F64F8C6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C5E03C42-FFBA-4E53-B0CB-9DA1707F31ED}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{C6FC9381-F2F0-4CEB-91D2-41E3A69B5B3B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | "{CA668F39-CD04-4A02-84AA-4C1C63EE19FE}" = protocol=6 | dir=in | app=d:\crysis\bin64\crysis.exe | "{CFB55F9F-E539-4902-A6E0-C2B132FC5A15}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{D00A18A8-AD91-4C5A-BE05-875B1817345D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{D31DC27B-99C1-4096-80ED-9CAAD612D61A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D37FD7FE-1AA4-4DAE-9BDB-BFFABDBD16CC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity closed beta\simcity\simcity.exe | "{D5E47AA1-9D43-45E0-9E04-31395C32BEFF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | "{D83889F3-9D93-4F11-A226-C24ADB683E1C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{D9FF7E49-77EF-4162-9247-BF26AAC46750}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DB6250DE-9D7E-4966-8686-204C4C88CFBA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{DE518DB7-2BB3-41D0-A394-C2F866299054}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dxhrml\dxhrml.exe | "{DFE961AE-DCB2-4F92-886A-D7FBA8EED83D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DFF176A3-0DD5-43FA-828C-E6B3C90DD15B}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{E0CC740D-30B8-4064-80E9-C7FA2637F1D3}" = protocol=17 | dir=in | app=d:\crysis\bin64\crysis.exe | "{E17CA016-8B03-4E5F-B143-4B35481C3BC4}" = dir=in | app=e:\itunes\itunes.exe | "{E2689659-9EAE-480A-838A-75C71989F496}" = protocol=17 | dir=in | app=d:\crysis\bin32\crysis.exe | "{E3B5B22C-2EBA-4D48-857A-B88EFEAEACE0}" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | "{E47800D5-7896-4969-9174-1A0D2C34B3B6}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | "{EA65312A-44CB-4D1D-B3A8-8AB1D9DDFF1D}" = protocol=6 | dir=in | app=d:\starcraft ii eng\starcraft ii public test.exe | "{EB15937F-33AF-423F-9266-57AC09A8531E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{EB6E6A33-025D-430A-AD05-A570FCE50D6A}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe | "{F11567F4-96C6-4471-9009-770301611E0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F2F84F90-191A-4978-9C06-4F9D191A53F3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{F5461C15-5D67-4DBD-8259-AEAF20AFBF84}" = protocol=6 | dir=in | app=d:\starcraft ii eng\starcraft ii.exe | "{F59BA688-0D47-4055-81D3-3CF921523887}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe | "{F896D1C4-969C-4E57-B58C-DAA7030EF8B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F960F8D4-D882-498F-AC11-D5EB121E5213}" = protocol=6 | dir=out | app=e:\airvideoserver\airvideoserver.exe | "{FD323847-4181-47BF-BF0B-E90F573572F6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dxhrml\dxhrml.exe | "{FDADF9D5-F0BA-4E37-81FF-AEF326FD74AB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | "{FDE73F33-E076-4CAC-BB11-1BFA641F6D69}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "TCP Query User{081CE67D-9BB5-4C81-BFBD-87EF15F38FE6}D:\alarmstufe rot 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\alarmstufe rot 3\data\ra3_1.12.game | "TCP Query User{24A614B7-AA7C-4691-8790-4E39A2A73252}D:\rf g\rfg.exe" = protocol=6 | dir=in | app=d:\rf g\rfg.exe | "TCP Query User{3600B407-E8C5-4E58-B389-C24BEF7A5D23}D:\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\max payne 3\maxpayne3.exe | "TCP Query User{52EE12D5-01E5-403B-A2E3-94EB70941966}D:\crysis2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\crysis2\bin32\crysis2.exe | "TCP Query User{579D531D-8E00-4DC0-B42F-DE7BA759C4D3}D:\steam\steamapps\philipps1984\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\philipps1984\half-life deathmatch source\hl2.exe | "TCP Query User{6EF19F8D-29D1-48BE-8F97-28A7B3DE88E6}E:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=e:\firefox\plugin-container.exe | "TCP Query User{703CF015-53A4-4BC6-924B-762574A39E62}E:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=e:\starcraft\starcraft.exe | "TCP Query User{75E30CFA-37C9-4918-965E-653C64289E17}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{BD93CF11-CBCE-49FA-BA13-64C178571100}D:\c+c alarmstufe rot 2\gamemd.exe" = protocol=6 | dir=in | app=d:\c+c alarmstufe rot 2\gamemd.exe | "TCP Query User{E173A2C7-14EA-42B3-9D31-63ECCBC083C1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{E724069A-BBC2-4C2D-9270-37DDD4D047D4}E:\qloud server\qloudserver.exe" = protocol=6 | dir=in | app=e:\qloud server\qloudserver.exe | "UDP Query User{1E1538D4-B001-45E3-9273-429CDC024CD6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{1FE11083-DD6C-42F0-895C-7598FF755829}D:\rf g\rfg.exe" = protocol=17 | dir=in | app=d:\rf g\rfg.exe | "UDP Query User{21561369-904A-43FE-B9C2-BE9EC1826425}E:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=e:\firefox\plugin-container.exe | "UDP Query User{22F5AAD4-DA70-46E3-8F52-D7079E02C4EB}E:\qloud server\qloudserver.exe" = protocol=17 | dir=in | app=e:\qloud server\qloudserver.exe | "UDP Query User{32EB4BBB-6A60-466C-9B93-2A5195892CF9}D:\crysis2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\crysis2\bin32\crysis2.exe | "UDP Query User{3BE7FF4C-A0C5-4EAA-8A52-2A58E980F98A}D:\c+c alarmstufe rot 2\gamemd.exe" = protocol=17 | dir=in | app=d:\c+c alarmstufe rot 2\gamemd.exe | "UDP Query User{7BD176BC-8D9F-4226-BF5A-3550E8417FA0}E:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=e:\starcraft\starcraft.exe | "UDP Query User{91E2AE58-2691-448C-82B0-8E5F34A31C7E}D:\steam\steamapps\philipps1984\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\philipps1984\half-life deathmatch source\hl2.exe | "UDP Query User{A719E8FC-9B0E-4EB2-85A8-D49B7720FDFC}D:\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\max payne 3\maxpayne3.exe | "UDP Query User{E44555CE-FE09-4F58-93AE-036FF569A36E}D:\alarmstufe rot 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\alarmstufe rot 3\data\ra3_1.12.game | "UDP Query User{FB650373-A88F-4F29-9549-BAC4B8A7A219}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64 "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B165B42D-0291-D45A-ACE2-D0144CB9FD3E}" = AMD Fuel "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{D759947B-8C5A-4480-B0DB-FC391F061C85}" = Adobe Photoshop Lightroom 4.3 64-bit "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA72BBFB-C42C-44C1-8555-75B629252DD6}" = WD SmartWare "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55 "Mediencenter Software" = Mediencenter Assistent "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{022BC727-ACB7-4C1D-109C-177515714A32}" = AMD VISION Engine Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{127F47F3-55C3-425A-98D3-BC485989AB39}" = My Movies Collection Management "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7EEBFF-1D5A-456B-9963-B561ACEAF9F7}_is1" = Qloud Server version 1.6.0.0 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES) "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.107.07010 "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A35E37C-BAB1-80E8-8EDE-4B8220381563}" = simfy "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8D797CA6-C708-4541-B731-779CC9863A07}" = FEAR_Installer_Fix "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share "{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Inhaltsmanager-Assistent für PlayStation(R) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB6284F3-308A-4c0b-B2CF-401F78AA8881}" = SimCity™ Closed Beta "{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Air Video Server" = Air Video Server 2.4.3 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15 "AudibleDownloadManager" = Audible Download Manager "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira Free Antivirus "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Diablo III" = Diablo III "dlancockpit" = devolo dLAN Cockpit "dm-Fotowelt" = dm-Fotowelt "DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt "FastStone Photo Resizer" = FastStone Photo Resizer 3.0 "Flickr Uploadr" = Flickr Uploadr 3.2.1 "Fraps" = Fraps "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "FreeFileSync" = FreeFileSync 5.9 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "HandBrake" = HandBrake 0.9.6 "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.46a "Nike+ Connect" = Nike+ Connect "OpenAL" = OpenAL "Origin" = Origin "Picasa 3" = Picasa 3 "PokerStars.net" = PokerStars.net "PS3 Media Server" = PS3 Media Server "PunkBusterSvc" = PunkBuster Services "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "Rockstar Games Social Club" = Rockstar Games Social Club "Simfy" = simfy "StarCraft" = StarCraft "StarCraft II" = StarCraft II "Steam App 108710" = Alan Wake "Steam App 19900" = Far Cry 2 "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 21100" = F.E.A.R. 3 "Steam App 22380" = Fallout: New Vegas "Steam App 260" = Counter-Strike: Source Beta "Steam App 28050" = Deus Ex: Human Revolution "Steam App 320" = Half-Life 2: Deathmatch "Steam App 360" = Half-Life Deathmatch: Source "Steam App 380" = Half-Life 2: Episode One "Steam App 43110" = Metro 2033 "Steam App 50130" = Mafia II "Steam App 730" = Counter-Strike: Global Offensive "Steam App 745" = Counter-Strike: Global Offensive - SDK "Steam App 8190" = Just Cause 2 "Steam App 91310" = Dead Island "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood "Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.02.2012 12:07:20 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 07.02.2012 13:07:39 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 07.02.2012 14:10:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 07.02.2012 15:05:05 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 07.02.2012 16:12:47 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.02.2012 17:01:46 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.02.2012 17:14:28 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.02.2012 18:01:42 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.02.2012 19:14:32 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.02.2012 20:03:54 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 04.02.2013 05:27:32 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.02.2013 13:29:08 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.02.2013 13:29:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.02.2013 09:05:20 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.02.2013 09:06:14 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.02.2013 17:33:19 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.02.2013 17:33:58 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.02.2013 18:40:59 | Computer Name = Philipp-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 06.02.2013 03:33:54 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.02.2013 13:06:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
07.02.2013, 13:21 | #10 |
/// Malware-holic | Neuer Fund - TR/Krytik.ail bitte mache nur genannte scans. nichts anderes. otl fix Fixen mit OTL
Code:
ATTFilter :OTL O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. :files :Commands [emptytemp]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Neuer Fund - TR/Krytik.ail |
check, csrss.exe, datei, desktop, explorer.exe, februar 2013, free, home, infizierte, lsass.exe, löschen, modul, namen, ntdll.dll, ntoskrnl.exe, ordner, programm, prozesse, regback, registry, spoolsv.exe, svchost.exe, system32, taskhost.exe, warnung, windows, winlogon.exe, wmp, wuauclt.exe |