Java/Treams.JO in quarantine, is the PC safe again? (Windows 7)

#1
Hello everyone,

Yesterday, during a routine scan with Avira Internet Security 2012, I found the virus Java/Treams.JO in my Temp folder and moved it to quarantine. Since I don't know what it does or where it comes from, I wanted to ask for advice here on how I can be sure that my PC is safe to use again (it is used for banking, shopping etc., among other things, but reinstalling it would be a medium-sized catastrophe).

A small note: I did not notice any impairment of my PC by the virus, either before the Avira scan or after it.

In my eagerness to act, I have already taken a few of the steps described here in the forum at http://www.trojaner-board.de/129212-...ereinigen.html, e.g. mbar, aswMBR, TDSS-Killer and adwCleaner. While the first three showed nothing special (hence no log in this post), the adwCleaner log was pretty full (probably "standard junk", see waaay below). Apart from that I found nothing at all about the virus; not even Avira had a description of it.

Here are the hopefully helpful logs:

Avira log:

Code:
```
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Dienstag, 12. Februar 2013 12:04

Es wird nach 4995143 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Holger Marten
Seriennummer : 2220724714-ISECE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Hugomatic
Computername : HUGOMATIC-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1197 48681 Bytes 11.10.2012 15:22:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 13.11.2012 17:59:36
AVSCAN.DLL : 12.3.0.15 66256 Bytes 15.05.2012 19:09:17
LUKE.DLL : 12.3.0.15 68304 Bytes 15.05.2012 19:09:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 12.05.2012 13:01:31
AVREG.DLL : 12.3.0.17 232200 Bytes 12.05.2012 13:01:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 12:57:26
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 12:58:05
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 12:58:47
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:59:00
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:59:12
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 08:06:08
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 11:07:18
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:07:53
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 12:11:51
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 12:11:52
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 12:11:52
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 12:11:52
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 12:11:52
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 08:11:34
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 08:11:35
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 16:11:31
VBASE016.VDF : 7.11.60.178 2048 Bytes 11.02.2013 16:11:32
VBASE017.VDF : 7.11.60.179 2048 Bytes 11.02.2013 16:11:32
VBASE018.VDF : 7.11.60.180 2048 Bytes 11.02.2013 16:11:32
VBASE019.VDF : 7.11.60.181 2048 Bytes 11.02.2013 16:11:32
VBASE020.VDF : 7.11.60.182 2048 Bytes 11.02.2013 16:11:32
VBASE021.VDF : 7.11.60.183 2048 Bytes 11.02.2013 16:11:32
VBASE022.VDF : 7.11.60.184 2048 Bytes 11.02.2013 16:11:32
VBASE023.VDF : 7.11.60.185 2048 Bytes 11.02.2013 16:11:32
VBASE024.VDF : 7.11.60.186 2048 Bytes 11.02.2013 16:11:32
VBASE025.VDF : 7.11.60.187 2048 Bytes 11.02.2013 16:11:32
VBASE026.VDF : 7.11.60.188 2048 Bytes 11.02.2013 16:11:32
VBASE027.VDF : 7.11.60.189 2048 Bytes 11.02.2013 16:11:33
VBASE028.VDF : 7.11.60.190 2048 Bytes 11.02.2013 16:11:33
VBASE029.VDF : 7.11.60.191 2048 Bytes 11.02.2013 16:11:33
VBASE030.VDF : 7.11.60.192 2048 Bytes 11.02.2013 16:11:33
VBASE031.VDF : 7.11.60.214 102400 Bytes 12.02.2013 10:11:28
Engineversion : 8.2.10.250
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:05:15
AESCRIPT.DLL : 8.1.4.88 471417 Bytes 08.02.2013 08:11:32
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 20:07:53
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:05:21
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 14:08:02
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 16:07:59
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 16:06:44
AEHEUR.DLL : 8.1.4.198 5751159 Bytes 08.02.2013 08:11:32
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 15:07:17
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 16:11:23
AEEXP.DLL : 8.3.0.24 188787 Bytes 11.02.2013 08:11:36
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:05:14
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 20:07:51
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 16:06:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 15.05.2012 19:09:17
AVPREF.DLL : 12.3.0.32 50720 Bytes 13.11.2012 17:59:36
AVREP.DLL : 12.3.0.15 179208 Bytes 12.05.2012 13:01:31
AVARKT.DLL : 12.3.0.33 209696 Bytes 13.11.2012 17:59:34
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 15.05.2012 19:09:17
SQLITE3.DLL : 3.7.0.1 398288 Bytes 15.05.2012 19:09:18
AVSMTP.DLL : 12.3.0.32 63992 Bytes 01.08.2012 09:05:32
NETNT.DLL : 12.3.0.15 17104 Bytes 15.05.2012 19:09:18
RCIMAGE.DLL : 12.3.0.31 4819704 Bytes 01.08.2012 09:05:26
RCTEXT.DLL : 12.3.0.32 98848 Bytes 13.11.2012 17:59:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 12. Februar 2013 12:04

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFXHook32Mngr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFusionController.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PerfTuneService.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlansrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PBN.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienwareAlienFXController.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1737' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [0] Archivtyp: ZIP
  --> Asdf3cvR55.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Pesur.BT.1
  --> fYGVBJHGHJH666.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dermit.GU.1
  --> kalibton.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Karamel.CC
  --> qDSJHFJHSDFGDSIKFJHD.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JM
  --> S2394834djskfh.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JN
  --> triton.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> XLR.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> ZHJGJG7778HGYU7Y8.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO

Beginne mit der Desinfektion:
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '564a9f93.qua' verschoben!

Ende des Suchlaufs: Dienstag, 12. Februar 2013 13:07
Benötigte Zeit: 58:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

28198 Verzeichnisse wurden überprüft
726141 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
726133 Dateien ohne Befall
3760 Archive wurden durchsucht
0 Warnungen
1 Hinweise
563004 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
```

Code:
```
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [Administrator]

Schutz: Aktiviert

13.02.2013 10:31:43
mbam-log-2013-02-13 (10-31-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380246
Laufzeit: 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
```
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\World of Warcraft Setup.exe" O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell - "" = AutoRun O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 11:59:51 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs [2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes [2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs [2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar [2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic [1 C:\Windows\SysNative\drivers\*.tmp files -> 
C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.13 11:59:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.13 11:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.13 11:59:41 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys [2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.13 11:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt [2013.02.12 17:13:47 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.12 17:13:47 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.12 17:13:47 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.12 17:13:47 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.12 17:13:47 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt 
[2012.09.10 15:55:03 | 000,060,304 | ---- | C] () -- C:\Users\Hugomatic\g2mdlhlpx.exe [2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg [2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll 
-- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.03.28 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Canon [2010.01.06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\CheckPoint [2012.08.01 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\OpenOffice.org [2010.07.13 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\ProtectDisc [2011.11.04 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\PunkBuster [2010.03.09 19:27:51 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Ubisoft [2012.09.10 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\WH SELFINVEST ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 13.02.2013 08:49:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugomatic\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,36 Gb Available Physical Memory | 72,82% Memory free 11,98 Gb Paging File | 9,89 Gb Available in Paging File | 82,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,04 Gb Total Space | 205,25 Gb Free Space | 44,91% Space Free | Partition Type: NTFS Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe | "{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | "{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | "{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | "{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | "{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | "{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | 
app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | "{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | "{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 
2\iw4sp.exe | "{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe | "{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | "{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | "{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom 
NetXtreme-I Netlink Driver and Management Installer "{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center "{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CanonMyPrinter" = Canon My Printer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SMBus" = Intel(R) SMBus "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New "{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light "{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy "{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins "{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian "{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation "{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian "{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional "{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = 
Intel Extreme Tuning Utility "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish "{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French "{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English "{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's 
Creed Brotherhood "{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common "{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech "{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help "{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Internet Security 2012 "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung "CANONIJPLM100" = PIXMA Extended Survey 
Program "CanonSolutionMenu" = Canon Utilities Solution Menu "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Diablo III" = Diablo III "DPP" = Canon Utilities Digital Photo Professional 3.9 "Drakensang_is1" = Drakensang "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "EA Download Manager" = EA Download Manager "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "EOS Utility" = Canon Utilities EOS Utility "Google Chrome" = Google Chrome "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Two Worlds II" = Two Worlds II "WFTK" = Canon Utilities WFT Utility "World of Warcraft" = World of Warcraft "YTdetect" = Yahoo! 
Detect "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 "InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.02.2013 08:14:43 | Computer Name = Hugomatic-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 77c Startzeit: 01ce052c944ed2d1 Endzeit: 8 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 07.02.2013 10:18:44 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-07, 15:18:44.0301108 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! 
Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 08.02.2013 02:57:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-08, 07:57:50.1221000 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! 
Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 11.02.2013 03:24:37 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-11, 08:24:37.8419108 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! 
Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 11.02.2013 10:13:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-11, 15:13:50.1033078 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! 
Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 12.02.2013 03:14:04 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-12, 08:14:04.0538929 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! 
Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 12.02.2013 07:01:46 | Computer Name = Hugomatic-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Wow-64.exe, Version: 5.1.0.16357, Zeitstempel: 0x50bd644f Name des fehlerhaften Moduls: Wow-64.exe, Version: 5.1.0.16357, Zeitstempel: 0x50bd644f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004d6e93 ID des fehlerhaften Prozesses: 0x3ec Startzeit der fehlerhaften Anwendung: 0x01ce08f65f038f32 Pfad der fehlerhaften Anwendung: C:\Users\Public\Games\World of Warcraft\Wow-64.exe Pfad des fehlerhaften Moduls: C:\Users\Public\Games\World of Warcraft\Wow-64.exe 
Berichtskennung: 9720347a-7503-11e2-825b-9444526e6ad1 Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-12, 16:51:55.1197035 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = 
------------------------------------------------------------------------------ 2013-02-13, 08:04:05.0924871 : Error : Unhandled exception detected while executing virtual device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0 Description = ------------------------------------------------------------------------------ 2013-02-13, 08:39:29.0157028 : Error : Unhandled exception detected while executing virtual 
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR) : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1 errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned, List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor() bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart() [ System Events ] Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3 Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3 Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Alienware Fusion Service erreicht. Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-13 11:58:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB Running: gmer_2.0.18454.exe; Driver: C:\Users\HUGOMA~1\AppData\Local\Temp\fwriruog.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75] .text ... * 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75] .text ... 
* 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] 
C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000725617fa 2 bytes [56, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072561860 2 bytes [56, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072561942 2 bytes [56, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007256194d 2 bytes [56, 72] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75] .text ... 
* 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75] ---- EOF - GMER 2.0 ---- Code:
# AdwCleaner v2.112 - Datei am 13/02/2013 um 08:35:25 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hugomatic - HUGOMATIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hugomatic\Downloads\adwcleaner0.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\APN
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Hugomatic\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5805 octets] - [13/02/2013 08:35:25]

########## EOF - C:\AdwCleaner[R1].txt - [5865 octets] ##########

Maybe someone can give me some tips on whether I should check anything else.

Until then, best regards