Pests of all kinds and how to combat them: Firefox and Internet Explorer no longer start (Windows 7)
04.03.2013, 22:20 | #16 |
/// Malware-holic | No, otherwise I would have written that.
04.03.2013, 22:29 | #17 |
| OK, here are the new OTL logs.
OTL Logfile: Code:
OTL logfile created on: 04.03.2013 22:15:36 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 14,24 Gb Available Physical Memory | 89,23% Memory free 31,92 Gb Paging File | 30,04 Gb Available in Paging File | 94,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,83 Gb Total Space | 29,44 Gb Free Space | 19,78% Space Free | Partition Type: NTFS Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) PRC - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\SysWOW64\ASDR.exe () PRC - C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll () MOD - C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll () MOD - C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll () MOD - C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll () ========== Services (SafeList) ========== SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) SRV:64bit: - 
(VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.) SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (ASDR) -- C:\Windows\SysWOW64\ASDR.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.) DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC) DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech ) DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender) DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.) DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.) DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC) DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Users\Johannes\Desktop\Programme\Real Temp\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 33 7D 7C B7 BA CD 01 [binary data] IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{1C556991-94AD-44e8-ADF6-0448D784C024}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{7E54566A-08E5-4d90-A488-A59839D306D2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r= IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{D063C8A7-A367-4420-864F-AA5FA4F547EB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - 
HKU\S-1-5-21-3708035738-3043084122-722666103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.04 17:33:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.03 18:02:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.02.04 17:33:00 | 000,000,000 | ---D | M] [2012.11.04 19:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions [2013.03.03 18:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\vpxo1osk.default\extensions [2013.03.03 18:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 
05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - Extension: Angry Birds = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Google Docs = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Cut the Rope = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\ CHR - Extension: Plants vs Zombies = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.03 20:33:29 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63CD16F-1B95-45EF-AFF9-5AAAA49E1DA1}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 21:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.03.04 21:26:01 | 009,565,552 | ---- | C] (SurfRight B.V.) 
-- C:\Users\Johannes\Desktop\HitmanPro_x64.exe [2013.03.04 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.04 20:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.04 17:19:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.03 20:29:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.03 20:29:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.03 20:29:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.03 20:29:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.03 20:29:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.03 19:41:14 | 005,036,301 | R--- | C] (Swearware) -- C:\Users\Johannes\Desktop\ComboFix.exe [2013.03.03 18:44:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johannes\Desktop\tdsskiller.exe [2013.03.03 18:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.03 17:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.03 17:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.03 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Google [2013.03.01 00:39:45 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.03.01 00:39:44 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.03.01 00:39:41 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.03.01 00:39:41 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.03.01 00:39:41 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.03.01 00:39:41 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.03.01 00:39:41 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvopencl.dll [2013.03.01 00:39:41 | 000,963,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.03.01 00:39:41 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.03.01 00:39:41 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.03.01 00:39:39 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.03.01 00:39:39 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.03.01 00:39:39 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.03.01 00:39:39 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.03.01 00:39:39 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.03.01 00:39:39 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.03.01 00:39:39 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.03.01 00:39:39 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.03.01 00:39:39 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.03.01 00:39:32 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.03.01 00:39:32 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.03.01 00:11:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2013.02.28 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\backups [2013.02.28 22:30:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Johannes\Desktop\HiJackThis204.exe [2013.02.28 01:24:54 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 01:24:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 01:24:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 01:24:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 01:24:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 01:24:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 01:24:42 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 01:24:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 01:24:42 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 01:24:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 01:24:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 01:24:42 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 01:24:42 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 01:24:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 01:24:42 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 01:24:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 01:24:42 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 01:24:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 01:24:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 01:24:42 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 01:24:42 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 01:24:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 01:24:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 01:24:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 01:24:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 01:24:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 01:24:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 01:24:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 
01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 01:24:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 01:24:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 01:24:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 01:24:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.25 13:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.02.25 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2013.02.13 23:35:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 23:35:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 23:35:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 23:35:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 23:35:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 23:35:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 23:35:51 | 001,494,528 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 23:35:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 23:35:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 23:35:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 23:35:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 23:35:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 23:35:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 23:35:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 23:35:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 23:26:52 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 23:26:51 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 23:26:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 23:26:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 23:26:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 23:26:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 23:26:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 23:26:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 23:26:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 23:26:36 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.10 02:34:28 | 000,000,000 
| ---D | C] -- C:\Users\Johannes\Documents\ANNO 2070 [2013.02.09 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Ubisoft [2013.02.09 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Application Data [2013.02.09 18:43:52 | 000,555,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2013.02.09 18:39:35 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.02.07 23:29:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\iFunbox_UserCache [2013.02.07 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\libimobiledevice [2013.02.05 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Apple Computer [2013.02.05 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apple Computer [2013.02.05 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.05 22:43:19 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.02.05 22:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.05 22:39:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apple [2013.02.05 22:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.02.05 22:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.02.05 22:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.02.05 22:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.02.05 22:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.02.05 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Diablo III [2013.02.05 18:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.05 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.02.05 18:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2013.02.04 18:03:25 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys [2013.02.04 17:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Bitdefender 2013 [2013.02.04 17:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.02.04 17:32:47 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll [2013.02.04 17:32:47 | 000,093,160 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys [2013.02.04 17:32:47 | 000,082,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2013.02.04 17:32:45 | 000,707,528 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013.02.04 17:32:45 | 000,589,000 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2013.02.04 17:32:45 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys [2013.02.04 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Bitdefender [2013.02.04 17:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.02.04 17:24:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\QuickScan [2013.02.04 17:23:05 | 000,350,160 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\SysNative\drivers\trufos.sys [2013.02.04 17:23:05 | 000,145,696 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys [2013.02.04 17:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013.02.04 17:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013.02.04 17:08:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Keseling ========== Files - Modified Within 30 Days ========== [2013.03.04 22:14:45 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 22:14:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 22:14:11 | 4265,168,894 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 21:56:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 21:51:49 | 000,000,921 | ---- | M] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.rar [2013.03.04 21:49:51 | 000,004,346 | ---- | M] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.xml [2013.03.04 21:42:37 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 21:42:37 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 21:26:18 | 009,565,552 | ---- | M] (SurfRight B.V.) 
-- C:\Users\Johannes\Desktop\HitmanPro_x64.exe [2013.03.04 20:58:29 | 000,594,019 | ---- | M] () -- C:\Users\Johannes\Desktop\adwcleaner.exe [2013.03.04 20:26:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 20:33:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.03 19:41:40 | 005,036,301 | R--- | M] (Swearware) -- C:\Users\Johannes\Desktop\ComboFix.exe [2013.03.03 18:44:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johannes\Desktop\tdsskiller.exe [2013.03.03 18:02:32 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.03 17:52:31 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.03 15:36:30 | 001,619,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.03 15:36:30 | 000,699,092 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.03 15:36:30 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.03 15:36:30 | 000,149,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.03 15:36:30 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.03 15:22:29 | 000,042,592 | ---- | M] () -- C:\Users\Johannes\Desktop\OLT-Extras-Gmer.rar [2013.03.03 14:40:11 | 000,377,856 | ---- | M] () -- C:\Users\Johannes\Desktop\gmer_2.1.19115.exe [2013.03.03 14:39:05 | 000,000,168 | ---- | M] () -- C:\Users\Johannes\defogger_reenable [2013.03.03 14:36:05 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe [2013.03.01 00:11:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2013.02.28 22:36:55 | 000,000,638 | -H-- | M] () -- C:\bdr-cf01 [2013.02.28 22:30:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Johannes\Desktop\HiJackThis204.exe [2013.02.28 22:07:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.28 22:07:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.27 18:39:32 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.02.26 14:12:47 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2013.02.25 13:48:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2013.02.24 20:59:31 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.21 23:29:07 | 000,033,051 | ---- | M] () -- C:\Users\Johannes\Desktop\Sammelzeugnis_1103173_de.pdf [2013.02.17 17:26:54 | 002,198,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.10 04:25:27 | 
006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.02.10 04:25:27 | 001,114,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.02.10 04:25:27 | 000,963,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.10 04:25:27 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.10 04:25:27 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.02.09 18:43:52 | 000,555,808 | ---- | M] 
(NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.02.05 18:37:27 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.05 18:18:47 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013.02.05 17:58:18 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2013.02.04 18:03:25 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys [2013.02.04 18:03:24 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2013.02.04 18:03:23 | 000,145,696 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys [2013.02.04 17:54:39 | 001,592,096 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.04 17:33:19 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.02.04 17:33:19 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.02.04 17:33:08 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.02.04 17:33:08 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013.02.04 17:33:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf ========== Files Created - No Company Name ========== [2013.03.04 21:51:49 | 000,000,921 | ---- | C] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.rar [2013.03.04 21:49:51 | 000,004,346 | ---- | C] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.xml [2013.03.04 20:58:29 | 000,594,019 | ---- | C] () -- C:\Users\Johannes\Desktop\adwcleaner.exe [2013.03.04 20:26:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 20:29:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.03 20:29:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.03 20:29:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.03 20:29:30 | 000,080,412 
| ---- | C] () -- C:\Windows\grep.exe [2013.03.03 20:29:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.03 18:02:32 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.03 18:02:32 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.03 17:52:31 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.03 17:51:22 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 17:51:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.03 15:22:29 | 000,042,592 | ---- | C] () -- C:\Users\Johannes\Desktop\OLT-Extras-Gmer.rar [2013.03.03 14:40:11 | 000,377,856 | ---- | C] () -- C:\Users\Johannes\Desktop\gmer_2.1.19115.exe [2013.03.03 14:39:05 | 000,000,168 | ---- | C] () -- C:\Users\Johannes\defogger_reenable [2013.03.03 14:36:05 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe [2013.03.01 00:39:41 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.25 13:48:15 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2013.02.21 23:29:06 | 000,033,051 | ---- | C] () -- C:\Users\Johannes\Desktop\Sammelzeugnis_1103173_de.pdf [2013.02.05 22:39:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.05 18:02:38 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013.02.05 17:58:18 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2013.02.04 17:33:19 | 000,000,638 | -H-- | C] () -- C:\bdr-cf01 [2013.02.04 17:33:08 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.02.04 17:33:08 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013.02.04 17:33:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf 
[2013.02.04 17:25:43 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01 [2013.02.04 17:25:43 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.02.04 17:25:42 | 037,133,532 | -H-- | C] () -- C:\bdr-im01.gz [2013.02.04 17:25:42 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.01.04 02:40:22 | 001,592,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.06 23:07:35 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg [2012.11.04 22:58:57 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.04 22:58:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.04 20:11:38 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.11.04 20:11:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll [2012.11.04 19:03:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.02 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.02.02 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.01.29 20:15:55 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AVG2013 [2013.02.04 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Bitdefender [2013.03.04 21:09:03 
| 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\BitTorrent [2013.03.04 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite [2013.02.08 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\iFunbox_UserCache [2013.02.04 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Keseling [2012.12.19 18:18:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin [2013.02.04 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\QuickScan [2012.12.24 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Splashtop [2012.11.20 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Theta [2013.01.29 20:13:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software [2013.02.09 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft [2012.11.29 18:16:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.03.2013 22:15:36 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 14,24 Gb Available Physical Memory | 89,23% Memory free 31,92 Gb Paging File | 30,04 Gb Available in Paging File | 94,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,83 Gb Total Space | 29,44 Gb Free Space | 19,78% Space Free | Partition Type: NTFS Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{34F50917-87D7-4042-BEDA-6BB51DE4924B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38D5D104-D797-46B6-B936-9C1E7FBCB926}" = rport=138 | protocol=17 | dir=out | app=system | "{4F70A338-54AC-4CAD-B6B0-0B5B2430CDE2}" = lport=445 | protocol=6 | dir=in | app=system | "{5761CD98-8703-476E-B71B-CD0B67D0D778}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{68F08078-B800-4850-9AC8-5CE7611B4839}" = rport=445 | protocol=6 | 
dir=out | app=system | "{74257A4C-9A99-404E-9569-E79DF333DAE2}" = lport=10243 | protocol=6 | dir=in | app=system | "{7D374CE5-2744-4A7B-B299-DA203504E11C}" = rport=137 | protocol=17 | dir=out | app=system | "{8C31B5A6-9064-4105-8D37-2CF16727A05D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8DAFEF86-EDC1-40EB-A21A-F763A4601EEE}" = lport=139 | protocol=6 | dir=in | app=system | "{9E6ECB65-DA41-43B5-98DF-577079D06BB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A16ECB28-23DF-4072-AE23-627CBC773D4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4ADFB83-3E73-4D17-8E50-738706493361}" = lport=137 | protocol=17 | dir=in | app=system | "{AB4EEDAC-13A8-4C33-9953-B6F2DA2755EB}" = rport=139 | protocol=6 | dir=out | app=system | "{B8508D63-6E71-4137-908D-C39B8E7AADAA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCAB5807-CA41-407D-B6C9-9038946D4B8C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF9A92E3-8DA7-465B-8D91-F958E19CC40D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C55AA820-DCAA-462C-9526-B79C0BD93C89}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7C9468A-004C-444C-B987-E053FAB466C4}" = rport=10243 | protocol=6 | dir=out | app=system | "{CA8A755C-FECD-4BE8-B441-570438E72669}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CB269003-9ACC-47D2-A5C9-77294D3805F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E9BC175A-9E1F-4BEF-A0D9-F1427051857D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EFE32085-4C6B-48C6-9009-52D44C59B235}" = lport=138 | protocol=17 | dir=in | app=system | "{FD693E86-478B-4D40-BE07-C59E374DEE76}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E82FD5-3636-4BF4-871B-6637A7E62AD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0801C6A6-DB7D-4BAB-B62E-D6A861751A42}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{0E662274-48A4-4668-B25C-430319D008CD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{12769BA4-A7FC-4989-B42C-A70B30D9FFDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1B045E30-1369-4C4B-9186-F23D2536ED50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1BE6685B-19B7-45DB-BA04-93879CD78656}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{204195E0-5359-4C78-AE3C-3B060347F56D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{20B20189-D9C9-4742-BC23-1953020FA071}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{22963D1F-4D68-4F03-A7F1-396BFC60FD69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{28F413A1-C4B2-4718-929A-10412343857D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{293BE458-6C31-477B-91B0-3F0BE24235D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D360E87-EF88-4B1A-9827-309527F66EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{2DBCAA9D-FF97-4382-8552-74954AD09561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{316EDA11-842A-47CC-A299-BAB723F916B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{37DA8C28-7B0E-432C-82B8-3B2E5A9BDE3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{384DC4B7-1638-470E-BFA3-ABCD8FFABC3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{3D847D0F-3EC2-4AA5-859A-B571251E2C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3EF37C3A-5057-4B9C-9757-1231B938D4D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4127C684-4911-4265-A797-B346A66B46D7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{490A1DBE-C94E-460D-8DF1-B446089E74CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{498C716F-FF40-449C-AB31-8F5E557084D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{5499FB21-DAAB-4FD4-8C1D-C1106F6D6F09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AC99067-B258-4E2D-91DB-FAA0208F6E0B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{6C518995-F109-4A70-81CD-862DC7BC175A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6D080152-A7AB-4854-900B-501FDE5B4D59}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{774F03BC-C263-4037-922B-72EB1CF7738A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BC69057-CC83-47F7-A1D2-6D7CCB161AE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{80DB6586-B93E-4A9D-B14A-4EA279D9C1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{8198E5AB-FF0B-479B-AD69-E36835EB3F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8378624C-BF26-46B0-B02A-5E0F45620E77}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{8B1995E9-1270-41C9-AADC-5B3DF36A96BE}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2013\avgmfapx.exe | "{8B7144CF-1560-44D1-98F5-D94E18F73622}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A67914F6-4BBA-44BC-B410-329F2AEFAD7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A68DF9BA-5913-4343-A1FE-9BAF40FCEB1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6C8C7C7-B5E0-4D35-B833-355DBEA17448}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7FDB637-EF50-44EE-B50E-F187565DF28B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{A8CA022C-1DD1-4839-B9C7-997683E84AA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{AFE8CA8E-3502-44CD-B8E9-AFF32C192BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{B9ADA1FA-E05B-4240-9F47-40E240E7DA61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BAC826F5-8D94-4DC4-A08A-8B634CEBBB01}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C3A2DDA2-07B0-4BC1-B144-FCEC0A2E99DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CA27A659-A9B5-44D9-BA82-67CCFBEF4C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D7F2D3A8-F866-476B-8DE4-20F566F275F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D97BFB44-E3CD-4389-83D5-ABE7BD0E854E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{DD00871F-B325-4810-8712-3F06FD6395EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{E34ECA4B-F84F-4A14-B9D9-1161428539FB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{E5E26530-DD09-4ECB-9717-1C1DE2282473}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E76F5DA5-95F0-497C-AED0-AC590BA579D7}" = protocol=6 | dir=out | app=system | "{EB445735-AA23-496C-9DFD-640D73F66D6D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F32AF64D-63E9-45C6-BEE9-682DCC573C1C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F9C8F916-A2D0-4ADD-8518-C4DECF6E404A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FAD2AD25-B48F-48A2-9DD7-02BF9F220E45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{FDD0C4CD-9BC8-4921-ABF2-33F8908F3565}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FE6E6E12-63DF-4FE2-80F9-3E7640A50C1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{10D0D07B-20F3-4B5D-AF20-B6DA172A309A}C:\users\johannes\desktop\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\aoe2\age2_x1.exe | "TCP Query User{13DF9A58-5D23-45D0-AD91-A85DCFABA90E}E:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=e:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe | "TCP Query User{16FC6550-8194-4275-97CE-52D7C5900995}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{6E958BAC-3710-4669-AAE1-98110B1B9641}C:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. 
mechanics\assassin's creed iii\ac3sp.exe | "TCP Query User{74FE029C-FB6D-4D31-8376-659E55814BAD}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | "TCP Query User{864DC078-BD31-4273-935C-1CB2754B62ED}C:\users\johannes\desktop\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\aoe2\empires2.exe | "TCP Query User{DF6E1FD5-C31A-4349-A8FB-3503B830CBAF}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{02B4CB83-E7B6-4E0C-BC53-07B952BDF025}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{2FCEA2B6-906D-4EF9-AA34-D7B41F8E43D5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{3BD114C1-5C87-4D8B-B892-A68B1F168019}C:\users\johannes\desktop\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\aoe2\empires2.exe | "UDP Query User{49AA2B9B-6E6F-41C2-9E5E-ED057A379954}C:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. 
mechanics\assassin's creed iii\ac3sp.exe | "UDP Query User{5621ABDB-DE4C-42C5-BC05-A7D2E082524D}E:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=e:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe | "UDP Query User{93FA6E01-D39E-415A-B05E-72D6375B3C83}C:\users\johannes\desktop\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\aoe2\age2_x1.exe | "UDP Query User{ED8569A7-730B-4528-AA14-A3051C3BDEE1}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = 
NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "Bitdefender" = Bitdefender Internet Security 2013 "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0215.1 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = 
Apple Software Update "{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center 
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "BitTorrent" = BitTorrent "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 550" = Left 4 Dead 2 "Uplay" = Uplay "Wiggles" = Wiggles "xvid" = XviD MPEG-4 Video Codec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.02.2013 18:10:59 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x076c03b8 ID des fehlerhaften Prozesses: 0x16b8 Startzeit der fehlerhaften Anwendung: 0x01ce16007cec7a01 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: baa85703-81f3-11e2-8c01-902b34382990 Error - 28.02.2013 18:11:00 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x073c7c00 ID des fehlerhaften Prozesses: 0x174c Startzeit der fehlerhaften Anwendung: 0x01ce16007da608b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: bb620ccb-81f3-11e2-8c01-902b34382990 Error - 28.02.2013 19:45:56 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1407, Zeitstempel: 0x5116e918 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1407, Zeitstempel: 0x5116e918 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000154f89 ID des fehlerhaften Prozesses: 0xb24 Startzeit der fehlerhaften Anwendung: 0x01ce160dac78f601 Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Berichtskennung: fe719148-8200-11e2-8c01-902b34382990 Error - 28.02.2013 20:01:09 | Computer Name = Johannes-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 174c Startzeit: 01ce160f9f24ae69 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 0e3aef2b-8203-11e2-8c01-902b34382990 Error - 03.03.2013 10:08:01 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x004513f0 ID des fehlerhaften Prozesses: 0x1268 Startzeit der fehlerhaften Anwendung: 0x01ce1818804bc3fe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c20fac57-840b-11e2-9d18-902b34382990 Error - 03.03.2013 10:08:04 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00442fb8 ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01ce181885bc48fe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c3797d80-840b-11e2-9d18-902b34382990 Error - 03.03.2013 10:08:06 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07343e28 ID des fehlerhaften Prozesses: 0xd98 Startzeit der fehlerhaften Anwendung: 0x01ce181886af155a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 
c4c45cc6-840b-11e2-9d18-902b34382990 Error - 04.03.2013 16:05:40 | Computer Name = Johannes-PC | Source = Application Hang | ID = 1002 Description = Programm wseC92C.tmp, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1524 Startzeit: 01ce19136476668c Endzeit: 0 Anwendungspfad: C:\Users\Johannes\AppData\Local\Temp\wseC92C.tmp Berichts-ID: dfd7cd64-8506-11e2-ac40-902b34382990 Error - 04.03.2013 16:50:15 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a635b0 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01ce1919de9d6585 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1d29b1bf-850d-11e2-8671-902b34382990 Error - 04.03.2013 16:50:17 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09ca0fe8 ID des fehlerhaften Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0x01ce1919e0b4fb23 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1e7e1687-850d-11e2-8671-902b34382990 [ Media Center Events ] Error - 03.01.2013 13:23:12 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:23:12 - Fehler beim Herstellen der Internetverbindung. 
18:23:12 - Serververbindung konnte nicht hergestellt werden.. Error - 03.01.2013 13:24:04 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:23:59 - Fehler beim Herstellen der Internetverbindung. 18:23:59 - Serververbindung konnte nicht hergestellt werden.. Error - 03.01.2013 15:01:04 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 20:01:04 - Fehler beim Herstellen der Internetverbindung. 20:01:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.01.2013 15:01:59 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 20:01:52 - Fehler beim Herstellen der Internetverbindung. 20:01:52 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:46:47 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:46:47 - Fehler beim Herstellen der Internetverbindung. 18:46:47 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:47:36 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:47:36 - Fehler beim Herstellen der Internetverbindung. 18:47:36 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:47:40 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:47:34 - Fehler beim Herstellen der Internetverbindung. 18:47:34 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:48:25 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:48:24 - Fehler beim Herstellen der Internetverbindung. 18:48:24 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2013 14:07:27 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 19:07:27 - Fehler beim Herstellen der Internetverbindung. 19:07:27 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2013 14:08:19 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 19:08:14 - Fehler beim Herstellen der Internetverbindung. 
19:08:14 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 03.03.2013 10:07:16 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 10:43:12 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 11:14:28 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 12:54:21 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 13:22:13 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 13:58:18 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 15:31:20 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 03.03.2013 15:32:57 | Computer Name = Johannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 03.03.2013 15:33:30 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 03.03.2013 18:26:36 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = < End of report > |
04.03.2013, 22:34 | #18 |
/// Malware-holic | Firefox and Internet Explorer no longer start Hi,
__________________OTL fix Fixing with OTL
Code:
ATTFilter :OTL :files :Commands [emptytemp]
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and programs run in general.
04.03.2013, 22:44 | #19 |
| Firefox and Internet Explorer no longer start OK, so the PC actually runs quite smoothly, but Firefox and Internet Explorer still do not work (they always crash on startup) Code:
ATTFilter All processes killed ========== OTL ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Johannes ->Temp folder emptied: 87134 bytes ->Temporary Internet Files folder emptied: 690354 bytes ->FireFox cache emptied: 75995259 bytes ->Google Chrome cache emptied: 96454261 bytes ->Flash cache emptied: 531 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 165,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03042013_223614 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
05.03.2013, 19:43 | #20 |
/// Malware-holic | Firefox and Internet Explorer no longer start Hi, the test is still missing
06.03.2013, 18:51 | #21 |
| Firefox and Internet Explorer no longer start OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 06.03.2013 18:38:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 14,18 Gb Available Physical Memory | 88,81% Memory free 31,92 Gb Paging File | 29,98 Gb Available in Paging File | 93,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,83 Gb Total Space | 29,05 Gb Free Space | 19,52% Space Free | Partition Type: NTFS Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) PRC - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\SysWOW64\ASDR.exe () PRC - C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll () MOD - C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll () MOD - C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll () MOD - C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll () ========== Services (SafeList) ========== SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) SRV:64bit: - 
(VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.) SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (ASDR) -- C:\Windows\SysWOW64\ASDR.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.) DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC) DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech ) DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender) DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.) DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.) DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC) DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Users\Johannes\Desktop\Programme\Real Temp\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 33 7D 7C B7 BA CD 01 [binary data] IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes,DefaultScope = {1C556991-94AD-44e8-ADF6-0448D784C024} IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{1C556991-94AD-44e8-ADF6-0448D784C024}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{7E54566A-08E5-4d90-A488-A59839D306D2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r= IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\..\SearchScopes\{D063C8A7-A367-4420-864F-AA5FA4F547EB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - 
HKU\S-1-5-21-3708035738-3043084122-722666103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3708035738-3043084122-722666103-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.04 17:33:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.03 18:02:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.02.04 17:33:00 | 000,000,000 | ---D | M] [2012.11.04 19:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions [2013.03.03 18:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\vpxo1osk.default\extensions [2013.03.03 18:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 
05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - Extension: Angry Birds = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Google Docs = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Cut the Rope = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\ CHR - Extension: Plants vs Zombies = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.03 20:33:29 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKU\S-1-5-21-3708035738-3043084122-722666103-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3708035738-3043084122-722666103-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKU\S-1-5-21-3708035738-3043084122-722666103-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63CD16F-1B95-45EF-AFF9-5AAAA49E1DA1}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 22:36:14 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.04 21:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.03.04 21:26:01 | 009,565,552 | ---- | C] (SurfRight B.V.) 
-- C:\Users\Johannes\Desktop\HitmanPro_x64.exe [2013.03.04 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.04 20:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.04 17:19:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.03 20:29:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.03 20:29:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.03 20:29:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.03 20:29:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.03 20:29:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.03 19:41:14 | 005,036,301 | R--- | C] (Swearware) -- C:\Users\Johannes\Desktop\ComboFix.exe [2013.03.03 18:44:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johannes\Desktop\tdsskiller.exe [2013.03.03 18:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.03 17:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.03 17:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.03 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Google [2013.03.01 00:39:45 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.03.01 00:39:44 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.03.01 00:39:41 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.03.01 00:39:41 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.03.01 00:39:41 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.03.01 00:39:41 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.03.01 00:39:41 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvopencl.dll [2013.03.01 00:39:41 | 000,963,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.03.01 00:39:41 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.03.01 00:39:41 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.03.01 00:39:39 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.03.01 00:39:39 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.03.01 00:39:39 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.03.01 00:39:39 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.03.01 00:39:39 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.03.01 00:39:39 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.03.01 00:39:39 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.03.01 00:39:39 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.03.01 00:39:39 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.03.01 00:39:32 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.03.01 00:39:32 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.03.01 00:11:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2013.02.28 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\backups [2013.02.28 22:30:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Johannes\Desktop\HiJackThis204.exe [2013.02.28 01:24:54 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 01:24:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 01:24:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 01:24:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 01:24:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 01:24:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 01:24:42 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 01:24:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 01:24:42 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 01:24:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 01:24:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 01:24:42 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 01:24:42 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 01:24:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 01:24:42 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 01:24:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 01:24:42 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 01:24:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 01:24:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 01:24:42 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 01:24:42 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 01:24:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 01:24:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 01:24:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 01:24:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 01:24:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 01:24:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 01:24:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 01:24:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 
01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 01:24:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 01:24:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 01:24:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 01:24:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 01:24:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.25 13:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.02.25 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2013.02.13 23:35:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 23:35:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 23:35:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 23:35:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 23:35:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 23:35:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 23:35:51 | 001,494,528 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 23:35:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 23:35:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 23:35:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 23:35:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 23:35:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 23:35:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 23:35:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 23:35:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 23:26:52 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 23:26:51 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 23:26:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 23:26:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 23:26:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 23:26:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 23:26:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 23:26:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 23:26:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 23:26:36 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.10 02:34:28 | 000,000,000 
| ---D | C] -- C:\Users\Johannes\Documents\ANNO 2070 [2013.02.09 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Ubisoft [2013.02.09 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Application Data [2013.02.09 18:43:52 | 000,555,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2013.02.09 18:39:35 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.02.07 23:29:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\iFunbox_UserCache [2013.02.07 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\libimobiledevice [2013.02.05 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Apple Computer [2013.02.05 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apple Computer [2013.02.05 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.05 22:43:19 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.02.05 22:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.05 22:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.05 22:39:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apple [2013.02.05 22:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.02.05 22:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.02.05 22:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.02.05 22:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.02.05 22:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.02.05 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Diablo III [2013.02.05 18:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.05 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.02.05 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.02.05 18:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net ========== Files - Modified Within 30 Days ========== [2013.03.06 18:36:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.06 18:35:32 | 000,067,584 | 
--S- | M] () -- C:\Windows\bootstat.dat [2013.03.06 18:35:27 | 4265,168,894 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 23:56:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 22:44:54 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 22:44:54 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 21:51:49 | 000,000,921 | ---- | M] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.rar [2013.03.04 21:49:51 | 000,004,346 | ---- | M] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.xml [2013.03.04 21:26:18 | 009,565,552 | ---- | M] (SurfRight B.V.) -- C:\Users\Johannes\Desktop\HitmanPro_x64.exe [2013.03.04 20:58:29 | 000,594,019 | ---- | M] () -- C:\Users\Johannes\Desktop\adwcleaner.exe [2013.03.04 20:26:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 20:33:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.03 19:41:40 | 005,036,301 | R--- | M] (Swearware) -- C:\Users\Johannes\Desktop\ComboFix.exe [2013.03.03 18:44:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johannes\Desktop\tdsskiller.exe [2013.03.03 18:02:32 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.03 17:52:31 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.03 15:36:30 | 001,619,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.03 15:36:30 | 000,699,092 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.03 15:36:30 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.03 15:36:30 | 000,149,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.03 15:36:30 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.03 15:22:29 | 000,042,592 
| ---- | M] () -- C:\Users\Johannes\Desktop\OLT-Extras-Gmer.rar [2013.03.03 14:40:11 | 000,377,856 | ---- | M] () -- C:\Users\Johannes\Desktop\gmer_2.1.19115.exe [2013.03.03 14:39:05 | 000,000,168 | ---- | M] () -- C:\Users\Johannes\defogger_reenable [2013.03.03 14:36:05 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe [2013.03.01 00:11:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2013.02.28 22:36:55 | 000,000,638 | -H-- | M] () -- C:\bdr-cf01 [2013.02.28 22:30:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Johannes\Desktop\HiJackThis204.exe [2013.02.28 22:07:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.28 22:07:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.27 18:39:32 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.02.26 14:12:47 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2013.02.25 13:48:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2013.02.24 20:59:31 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.21 23:29:07 | 000,033,051 | ---- | M] () -- C:\Users\Johannes\Desktop\Sammelzeugnis_1103173_de.pdf [2013.02.17 17:26:54 | 002,198,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvwgf2umx.dll [2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll [2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll [2013.02.10 04:25:27 | 001,114,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.02.10 04:25:27 | 000,963,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.10 04:25:27 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.10 04:25:27 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- 
C:\Windows\SysNative\nvinfo.pb [2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.02.09 18:43:52 | 000,555,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.02.05 18:37:27 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.05 18:18:47 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013.02.05 17:58:18 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml ========== Files Created - No Company Name ========== [2013.03.04 21:51:49 | 000,000,921 | ---- | C] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.rar [2013.03.04 21:49:51 | 000,004,346 | ---- | C] () -- C:\Users\Johannes\Desktop\HitmanPro_20130304_2149.xml [2013.03.04 20:58:29 | 000,594,019 | ---- | C] () -- C:\Users\Johannes\Desktop\adwcleaner.exe [2013.03.04 20:26:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 20:29:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.03 20:29:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.03 20:29:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.03 20:29:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.03 20:29:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.03 18:02:32 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.03 18:02:32 | 000,001,147 | ---- | C] 
() -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.03 17:52:31 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.03 17:51:22 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 17:51:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.03 15:22:29 | 000,042,592 | ---- | C] () -- C:\Users\Johannes\Desktop\OLT-Extras-Gmer.rar [2013.03.03 14:40:11 | 000,377,856 | ---- | C] () -- C:\Users\Johannes\Desktop\gmer_2.1.19115.exe [2013.03.03 14:39:05 | 000,000,168 | ---- | C] () -- C:\Users\Johannes\defogger_reenable [2013.03.03 14:36:05 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe [2013.03.01 00:39:41 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.25 13:48:15 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2013.02.21 23:29:06 | 000,033,051 | ---- | C] () -- C:\Users\Johannes\Desktop\Sammelzeugnis_1103173_de.pdf [2013.02.05 22:39:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.05 18:02:38 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013.02.05 17:58:18 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2013.01.04 02:40:22 | 001,592,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.06 23:07:35 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg [2012.11.04 22:58:57 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.04 22:58:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.04 20:11:38 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.11.04 20:11:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- 
C:\Windows\SysWow64\askorean.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll [2012.11.04 20:11:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll [2012.11.04 19:03:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.02 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.02.02 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.01.29 20:15:55 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AVG2013 [2013.02.04 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Bitdefender [2013.03.04 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\BitTorrent [2013.03.04 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite [2013.02.08 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\iFunbox_UserCache [2013.02.04 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Keseling [2012.12.19 18:18:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin [2013.02.04 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\QuickScan [2012.12.24 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Splashtop [2012.11.20 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Theta [2013.01.29 20:13:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software [2013.02.09 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft [2012.11.29 
18:16:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.03.2013 18:38:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 14,18 Gb Available Physical Memory | 88,81% Memory free 31,92 Gb Paging File | 29,98 Gb Available in Paging File | 93,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,83 Gb Total Space | 29,05 Gb Free Space | 19,52% Space Free | Partition Type: NTFS Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3708035738-3043084122-722666103-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{34F50917-87D7-4042-BEDA-6BB51DE4924B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38D5D104-D797-46B6-B936-9C1E7FBCB926}" = rport=138 | protocol=17 | dir=out | app=system | "{4F70A338-54AC-4CAD-B6B0-0B5B2430CDE2}" = lport=445 | protocol=6 | dir=in | app=system | "{5761CD98-8703-476E-B71B-CD0B67D0D778}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{68F08078-B800-4850-9AC8-5CE7611B4839}" = rport=445 | protocol=6 | 
dir=out | app=system | "{74257A4C-9A99-404E-9569-E79DF333DAE2}" = lport=10243 | protocol=6 | dir=in | app=system | "{7D374CE5-2744-4A7B-B299-DA203504E11C}" = rport=137 | protocol=17 | dir=out | app=system | "{8C31B5A6-9064-4105-8D37-2CF16727A05D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8DAFEF86-EDC1-40EB-A21A-F763A4601EEE}" = lport=139 | protocol=6 | dir=in | app=system | "{9E6ECB65-DA41-43B5-98DF-577079D06BB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A16ECB28-23DF-4072-AE23-627CBC773D4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4ADFB83-3E73-4D17-8E50-738706493361}" = lport=137 | protocol=17 | dir=in | app=system | "{AB4EEDAC-13A8-4C33-9953-B6F2DA2755EB}" = rport=139 | protocol=6 | dir=out | app=system | "{B8508D63-6E71-4137-908D-C39B8E7AADAA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCAB5807-CA41-407D-B6C9-9038946D4B8C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF9A92E3-8DA7-465B-8D91-F958E19CC40D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C55AA820-DCAA-462C-9526-B79C0BD93C89}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7C9468A-004C-444C-B987-E053FAB466C4}" = rport=10243 | protocol=6 | dir=out | app=system | "{CA8A755C-FECD-4BE8-B441-570438E72669}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CB269003-9ACC-47D2-A5C9-77294D3805F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E9BC175A-9E1F-4BEF-A0D9-F1427051857D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EFE32085-4C6B-48C6-9009-52D44C59B235}" = lport=138 | protocol=17 | dir=in | app=system | "{FD693E86-478B-4D40-BE07-C59E374DEE76}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E82FD5-3636-4BF4-871B-6637A7E62AD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0801C6A6-DB7D-4BAB-B62E-D6A861751A42}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{0E662274-48A4-4668-B25C-430319D008CD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{12769BA4-A7FC-4989-B42C-A70B30D9FFDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1B045E30-1369-4C4B-9186-F23D2536ED50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1BE6685B-19B7-45DB-BA04-93879CD78656}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{204195E0-5359-4C78-AE3C-3B060347F56D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{20B20189-D9C9-4742-BC23-1953020FA071}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{22963D1F-4D68-4F03-A7F1-396BFC60FD69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{28F413A1-C4B2-4718-929A-10412343857D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{293BE458-6C31-477B-91B0-3F0BE24235D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D360E87-EF88-4B1A-9827-309527F66EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{2DBCAA9D-FF97-4382-8552-74954AD09561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{316EDA11-842A-47CC-A299-BAB723F916B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{37DA8C28-7B0E-432C-82B8-3B2E5A9BDE3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{384DC4B7-1638-470E-BFA3-ABCD8FFABC3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{3D847D0F-3EC2-4AA5-859A-B571251E2C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3EF37C3A-5057-4B9C-9757-1231B938D4D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4127C684-4911-4265-A797-B346A66B46D7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{490A1DBE-C94E-460D-8DF1-B446089E74CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{498C716F-FF40-449C-AB31-8F5E557084D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{5499FB21-DAAB-4FD4-8C1D-C1106F6D6F09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AC99067-B258-4E2D-91DB-FAA0208F6E0B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{6C518995-F109-4A70-81CD-862DC7BC175A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6D080152-A7AB-4854-900B-501FDE5B4D59}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{774F03BC-C263-4037-922B-72EB1CF7738A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BC69057-CC83-47F7-A1D2-6D7CCB161AE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{80DB6586-B93E-4A9D-B14A-4EA279D9C1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{8198E5AB-FF0B-479B-AD69-E36835EB3F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8378624C-BF26-46B0-B02A-5E0F45620E77}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{8B1995E9-1270-41C9-AADC-5B3DF36A96BE}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2013\avgmfapx.exe | "{8B7144CF-1560-44D1-98F5-D94E18F73622}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A67914F6-4BBA-44BC-B410-329F2AEFAD7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A68DF9BA-5913-4343-A1FE-9BAF40FCEB1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6C8C7C7-B5E0-4D35-B833-355DBEA17448}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7FDB637-EF50-44EE-B50E-F187565DF28B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{A8CA022C-1DD1-4839-B9C7-997683E84AA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{AFE8CA8E-3502-44CD-B8E9-AFF32C192BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{B9ADA1FA-E05B-4240-9F47-40E240E7DA61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BAC826F5-8D94-4DC4-A08A-8B634CEBBB01}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C3A2DDA2-07B0-4BC1-B144-FCEC0A2E99DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CA27A659-A9B5-44D9-BA82-67CCFBEF4C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D7F2D3A8-F866-476B-8DE4-20F566F275F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D97BFB44-E3CD-4389-83D5-ABE7BD0E854E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{DD00871F-B325-4810-8712-3F06FD6395EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{E34ECA4B-F84F-4A14-B9D9-1161428539FB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{E5E26530-DD09-4ECB-9717-1C1DE2282473}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E76F5DA5-95F0-497C-AED0-AC590BA579D7}" = protocol=6 | dir=out | app=system | "{EB445735-AA23-496C-9DFD-640D73F66D6D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F32AF64D-63E9-45C6-BEE9-682DCC573C1C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F9C8F916-A2D0-4ADD-8518-C4DECF6E404A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FAD2AD25-B48F-48A2-9DD7-02BF9F220E45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{FDD0C4CD-9BC8-4921-ABF2-33F8908F3565}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FE6E6E12-63DF-4FE2-80F9-3E7640A50C1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{10D0D07B-20F3-4B5D-AF20-B6DA172A309A}C:\users\johannes\desktop\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\aoe2\age2_x1.exe | "TCP Query User{13DF9A58-5D23-45D0-AD91-A85DCFABA90E}E:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=e:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe | "TCP Query User{16FC6550-8194-4275-97CE-52D7C5900995}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{6E958BAC-3710-4669-AAE1-98110B1B9641}C:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. 
mechanics\assassin's creed iii\ac3sp.exe | "TCP Query User{74FE029C-FB6D-4D31-8376-659E55814BAD}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | "TCP Query User{864DC078-BD31-4273-935C-1CB2754B62ED}C:\users\johannes\desktop\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\aoe2\empires2.exe | "TCP Query User{DF6E1FD5-C31A-4349-A8FB-3503B830CBAF}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{02B4CB83-E7B6-4E0C-BC53-07B952BDF025}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{2FCEA2B6-906D-4EF9-AA34-D7B41F8E43D5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{3BD114C1-5C87-4D8B-B892-A68B1F168019}C:\users\johannes\desktop\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\aoe2\empires2.exe | "UDP Query User{49AA2B9B-6E6F-41C2-9E5E-ED057A379954}C:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. 
mechanics\assassin's creed iii\ac3sp.exe | "UDP Query User{5621ABDB-DE4C-42C5-BC05-A7D2E082524D}E:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=e:\spiele\age of empires 2\aoe2+exp\age of empires ii\age2_x1\age2_x2.exe | "UDP Query User{93FA6E01-D39E-415A-B05E-72D6375B3C83}C:\users\johannes\desktop\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\aoe2\age2_x1.exe | "UDP Query User{ED8569A7-730B-4528-AA14-A3051C3BDEE1}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = 
NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "Bitdefender" = Bitdefender Internet Security 2013 "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0215.1 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = 
Apple Software Update "{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center 
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "BitTorrent" = BitTorrent "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 550" = Left 4 Dead 2 "Uplay" = Uplay "Wiggles" = Wiggles "xvid" = XviD MPEG-4 Video Codec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.02.2013 20:01:09 | Computer Name = Johannes-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 174c Startzeit: 01ce160f9f24ae69 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 0e3aef2b-8203-11e2-8c01-902b34382990 Error - 03.03.2013 10:08:01 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x004513f0 ID des fehlerhaften Prozesses: 0x1268 Startzeit der fehlerhaften Anwendung: 0x01ce1818804bc3fe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c20fac57-840b-11e2-9d18-902b34382990 Error - 03.03.2013 10:08:04 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00442fb8 ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01ce181885bc48fe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c3797d80-840b-11e2-9d18-902b34382990 Error - 03.03.2013 10:08:06 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07343e28 ID des fehlerhaften Prozesses: 0xd98 Startzeit der fehlerhaften Anwendung: 0x01ce181886af155a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 
c4c45cc6-840b-11e2-9d18-902b34382990 Error - 04.03.2013 16:05:40 | Computer Name = Johannes-PC | Source = Application Hang | ID = 1002 Description = Programm wseC92C.tmp, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1524 Startzeit: 01ce19136476668c Endzeit: 0 Anwendungspfad: C:\Users\Johannes\AppData\Local\Temp\wseC92C.tmp Berichts-ID: dfd7cd64-8506-11e2-ac40-902b34382990 Error - 04.03.2013 16:50:15 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a635b0 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01ce1919de9d6585 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1d29b1bf-850d-11e2-8671-902b34382990 Error - 04.03.2013 16:50:17 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09ca0fe8 ID des fehlerhaften Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0x01ce1919e0b4fb23 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1e7e1687-850d-11e2-8671-902b34382990 Error - 04.03.2013 17:38:51 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des 
fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09b40048 ID des fehlerhaften Prozesses: 0x1058 Startzeit der fehlerhaften Anwendung: 0x01ce1920a81884c8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e72c7f71-8513-11e2-a949-902b34382990 Error - 04.03.2013 17:38:53 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00873418 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01ce1920aa941431 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e8586cd4-8513-11e2-a949-902b34382990 Error - 04.03.2013 17:38:55 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16464, Zeitstempel: 0x50ec971b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07adf618 ID des fehlerhaften Prozesses: 0x888 Startzeit der fehlerhaften Anwendung: 0x01ce1920ab8e04ae Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e97f9776-8513-11e2-a949-902b34382990 [ Media Center Events ] Error - 03.01.2013 13:23:12 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:23:12 - Fehler beim Herstellen der Internetverbindung. 18:23:12 - Serververbindung konnte nicht hergestellt werden.. 
Error - 03.01.2013 13:24:04 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:23:59 - Fehler beim Herstellen der Internetverbindung. 18:23:59 - Serververbindung konnte nicht hergestellt werden.. Error - 03.01.2013 15:01:04 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 20:01:04 - Fehler beim Herstellen der Internetverbindung. 20:01:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.01.2013 15:01:59 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 20:01:52 - Fehler beim Herstellen der Internetverbindung. 20:01:52 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:46:47 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:46:47 - Fehler beim Herstellen der Internetverbindung. 18:46:47 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:47:36 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:47:36 - Fehler beim Herstellen der Internetverbindung. 18:47:36 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:47:40 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:47:34 - Fehler beim Herstellen der Internetverbindung. 18:47:34 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2013 13:48:25 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 18:48:24 - Fehler beim Herstellen der Internetverbindung. 18:48:24 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2013 14:07:27 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 19:07:27 - Fehler beim Herstellen der Internetverbindung. 19:07:27 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2013 14:08:19 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0 Description = 19:08:14 - Fehler beim Herstellen der Internetverbindung. 19:08:14 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 03.03.2013 10:43:12 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 11:14:28 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 12:54:21 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 13:22:13 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 13:58:18 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 03.03.2013 15:31:20 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 03.03.2013 15:32:57 | Computer Name = Johannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 03.03.2013 15:33:30 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 03.03.2013 18:26:36 | Computer Name = Johannes-PC | Source = bowser | ID = 8003 Description = Error - 04.03.2013 17:36:14 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
06.03.2013, 19:01 | #22 |
/// Malware-holic | Firefox and Internet Explorer no longer start That is yet another OTL log. Below the OTL fix in post 18 I had also asked for a test. |
06.03.2013, 19:08 | #23 |
| Firefox and Internet Explorer no longer start Well, everything works flawlessly except Firefox and Internet Explorer; even Chrome works without problems. The first two always crash on startup. There are no toolbars or the like. Games and other programs also work without problems. |
08.03.2013, 21:20 | #24 |
/// Malware-holic | Firefox and Internet Explorer no longer start Hi, any error messages on the crash? If so, please post them as text. |
09.03.2013, 14:46 | #25 |
| Firefox and Internet Explorer no longer start In Internet Explorer absolutely nothing appears. A few days ago it still said that it had stopped working, and now there is just a white screen and no page opens. Firefox doesn't even start; it tells me that an error occurred and that I should send the report to Mozilla, but it can't show me any details. When I then click restart a few times, a message appears saying I can start it in safe mode, and then pretty much everything works except a few add-ons. I know this all sounds a bit odd, but I've really tried everything, and it simply can't be down to the programs ... |
11.03.2013, 18:10 | #26 |
/// Malware-holic | Firefox and Internet Explorer no longer start Then we'll set the system up from scratch. 1. Rescuing your data:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if it is clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money. |