Log analysis and evaluation: Persistent Firefox crashes and bluescreen - possible malware?
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.03.2013, 15:15 | #1 |
Persistent Firefox crashes and bluescreen - possible malware?
Hello, for a short while now my Firefox has been crashing constantly, after it has been running for a while. I have already tried everything: Firefox safe mode and Windows safe mode, a new profile, tried FF Mobile, etc. No success. Yesterday I then had a bluescreen. Now I would like to know whether there is malware on this machine?
Code:
Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000000a (0xfffffa8019c52010, 0x0000000000000002, 0x0000000000000001, 0xfffff80003135e96). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP. Berichts-ID: 030813-16473-01.
Code:
[Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*c:\websymbols*hxxp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`03003000 PsLoadedModuleList = 0xfffff800`03247670
Debug session time: Fri Mar 8 22:48:16.507 2013 (GMT+1)
System Uptime: 0 days 9:09:29.725
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.....
The context is partially valid. Only x86 user-mode context is available.
The wow64exts extension must be loaded to access 32-bit state.
.load wow64exts will do this if you haven't loaded it already.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa8019c52010, 2, 1, fffff80003135e96}

Probably caused by : Unknown_Image ( nt!MiReleaseConfirmedPageFileSpace+86 )

Followup: MachineOwner
---------

16.0: kd:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8019c52010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003135e96, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS: fffffa8019c52010

CURRENT_IRQL: 0

FAULTING_IP:
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48 dec eax

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 0000000000000000 to 0000000000000000

STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 0x0

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48 dec eax

SYMBOL_NAME: nt!MiReleaseConfirmedPageFileSpace+86

FOLLOWUP_NAME: MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP: 0

IMAGE_NAME: Unknown_Image

BUCKET_ID: INVALID_KERNEL_CONTEXT

MODULE_NAME: Unknown_Module

Followup: MachineOwner

OTL:
Code:
ATTFilter OTL logfile created on: 09.03.2013 14:51:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\123456\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free 15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe PRC - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:24:04 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe PRC - [2010.11.16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe ========== Modules (No Company Name) ========== MOD - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2013.02.19 16:24:48 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll MOD - [2013.02.15 11:22:29 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll MOD - [2013.02.15 11:22:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.02.15 10:36:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013.02.11 01:51:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.02.10 23:43:07 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.02.10 23:43:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.02.10 23:43:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.02.10 23:43:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.02.10 23:42:59 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.02.10 23:42:59 | 
000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.02.10 23:42:58 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.02.10 23:42:55 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe MOD - [2012.04.26 14:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.03.08 14:37:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 15:30:59 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.31 13:36:46 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2010.11.16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.12.24 21:15:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.11 16:24:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 16:24:01 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.29 15:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2) DRV:64bit: - [2007.07.13 11:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r= IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = 
hxxp://isearch.avg.com/search?cid={FC866619-3B7A-4B7A-814E-F67001387215}&mid=eb32383579de47d08cf7125819465495-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=bm012&pr=sa&d=2012-12-16 22:01:35&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program 
Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 16:25:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Extensions [2013.03.03 21:40:46 | 000,000,000 | ---D | 
M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions [2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi [2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi [2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml [2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml [2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.19 16:25:19 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.t-online.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.t-online.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files 
(x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\123456\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Docs = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Security Toolbar = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ CHR - Extension: Google Mail = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.07.14 05:08:11 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.) 
O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe [2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols [2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols [2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86) [2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86) [2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\ElevatedDiagnostics [2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\HpUpdate [2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\HP [2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Paris 
[2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Google [2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\kuaiyong [2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong [2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013.02.11 00:02:38 | 000,000,000 | ---D | C] -- C:\Download [2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Samsung [2013.02.11 00:02:29 
| 000,000,000 | ---D | C] -- C:\Users\123456\Documents\My Videos [2013.02.11 00:02:22 | 000,000,000 | ---D | C] -- C:\AllShare [2013.02.11 00:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.02.11 00:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.02.10 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Downloaded Installations [2013.02.08 13:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2013.02.08 13:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner [2013.02.08 13:46:08 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.02.08 13:46:08 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.02.08 13:46:08 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.02.08 13:46:08 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.02.08 13:46:08 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.02.08 13:46:04 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.02.08 13:46:04 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2013.02.08 13:46:04 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.02.08 13:46:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.02.08 13:46:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.02.08 13:45:59 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.02.08 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner [2013.02.08 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2013.02.07 20:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.07 20:33:13 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.07 20:33:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.07 20:33:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.07 20:33:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.07 20:33:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.07 20:33:09 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.07 20:33:09 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.07 20:33:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.07 20:33:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.07 20:33:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.07 20:33:07 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.07 20:33:07 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.07 20:33:03 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.07 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.07 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.07 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Audio(6559) [2013.02.07 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.07 19:15:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe [2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\123456\defogger_reenable [2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\123456\Desktop\Defogger.exe [2013.03.09 14:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.09 13:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 12:39:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.09 12:39:09 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.09 12:39:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.09 12:39:09 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.09 12:39:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.09 12:32:04 | 000,001,962 | ---- | M] () -- 
C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.09 12:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.09 12:31:37 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 22:49:20 | 581,628,762 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\123456\Documents\Scan0001.jpg [2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\123456\Desktop\Fr. Revolution.odt [2013.03.06 15:56:35 | 000,002,366 | ---- | M] () -- C:\Users\123456\Desktop\Google Chrome.lnk [2013.03.06 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\123456\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.02.15 14:55:26 | 004,917,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.15 11:42:50 | 000,015,308 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt [2013.02.11 17:38:19 | 000,013,388 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt [2013.02.10 23:44:43 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.08 13:46:20 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.02.08 13:46:09 | 000,000,000 | -H-- | M] () 
-- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.08 13:45:52 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2013.02.08 13:45:52 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.02.08 13:45:52 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.02.08 13:45:52 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.02.08 13:45:52 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.02.08 13:45:52 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.02.08 13:45:52 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\123456\defogger_reenable [2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\123456\Desktop\Defogger.exe [2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\123456\Documents\Scan0001.jpg [2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\123456\Desktop\Fr. Revolution.odt [2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\123456\Desktop\Google Chrome.lnk [2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\123456\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.24 23:01:41 | 581,628,762 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.10 20:20:06 | 000,015,308 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt [2013.02.10 19:53:13 | 000,013,388 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt [2013.02.08 
13:46:20 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.02.08 13:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.07 20:33:10 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.02.07 20:33:08 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\123456\AppData\Local\RAContactHistory.xml [2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\123456\AppData\Roaming\winscp.rnd [2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Lite [2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Pro [2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- 
C:\Users\123456\AppData\Roaming\Exif Viewer
[2013.02.24 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\iFunbox_UserCache
[2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\ImgBurn
[2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\kuaiyong
[2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\OpenOffice.org
[2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PDAppFlex
[2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PeerNetworking
[2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\redsn0w
[2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Samsung
[2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Sinvise Systems
[2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Tibia
[2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\TibiaTestserver
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 09.03.2013 14:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\123456\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free
15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | "{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | "{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | "{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | "{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | "{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | "{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | "{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | "{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | "{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | "{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | "{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | "{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | "{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | "{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in 
| app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | "UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0630-0716-3135-7887" = JDownloader 2 "MediaInfo" = MediaInfo 0.7.61 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer 
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Pro" = DAEMON Tools Pro "Exif-Viewer" = Exif-Viewer 2.51 "Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00 "iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam "ImgBurn" = ImgBurn "InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "mIRC" = mIRC "Mobile Partner" = Mobile Partner "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "PunkBusterSvc" = PunkBuster Services "Tibia Testserver_is1" = Tibia 
Testserver "Tibia_is1" = Tibia "Uplay" = Uplay "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 5.1.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.03.2013 18:02:47 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4f8350e0 Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.586, Zeitstempel: 0x504833fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000017faac ID des fehlerhaften Prozesses: 0xc58 Startzeit der fehlerhaften Anwendung: 0x01ce1c488e4e1f44 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Berichtskennung: e903c05d-883b-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 18:03:24 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 19:50:18 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051e2c ID des fehlerhaften Prozesses: 0x25e4 Startzeit der fehlerhaften Anwendung: 0x01ce1c57afafe452 Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: ee18ca03-884a-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 20:44:31 | Computer Name = 123456-1337 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der 
Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x777ddfe4] Bitte Avira informieren und die obige Datei übersenden! Error - 08.03.2013 20:58:31 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051cd6 ID des fehlerhaften Prozesses: 0x2e08 Startzeit der fehlerhaften Anwendung: 0x01ce1c61311a949d Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Berichtskennung: 75497a31-8854-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 20:58:56 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000035c0 ID des fehlerhaften Prozesses: 0x2e08 Startzeit der fehlerhaften Anwendung: 0x01ce1c61311a949d Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Berichtskennung: 845e722e-8854-11e2-a5e3-e2d20d316c67 Error - 09.03.2013 07:33:30 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10 Description = Error - 09.03.2013 09:13:02 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: 
sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001e59a ID des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01ce1cb9baa2c761 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 121848f6-88bb-11e2-8062-efac97c2646d Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000003700 ID des fehlerhaften Prozesses: 0x64c Startzeit der fehlerhaften Anwendung: 0x01ce1cc7f895e515 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 36b71363-88bb-11e2-8062-efac97c2646d Error - 09.03.2013 09:27:38 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000011f82 ID des fehlerhaften Prozesses: 0x1bfc Startzeit der fehlerhaften Anwendung: 0x01ce1cc81cfd1066 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1c3c0d25-88bd-11e2-8062-efac97c2646d [ System Events ] Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | 
Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.03.2013 09:13:03 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 09.03.2013 09:27:39 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7034 Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > |
15.03.2013, 14:13 | #2 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. After that: Please download AdwCleaner to your desktop.
After that: Please run this: http://www.trojaner-board.de/72874-s...eparieren.html After that: - reboot - report back
__________________ |
15.03.2013, 19:08 | #3 |
| Constant Firefox crashes and bluescreen - possible malware? Code:
ATTFilter # AdwCleaner v2.114 - Datei am 15/03/2013 um 19:05:55 erstellt # Aktualisiert am 05/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Ruper - RUPER-1337 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Ruper\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\bprotector_prefs.js Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\Users\Ruper\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Ruper\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\deda8de66fed45 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\deda8de66fed45 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\c2daolhf.Ruper - Kopie\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\prefs.js Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\xq5xt57x.Standard-Benutzer2\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3940 octets] - [26/11/2012 19:40:51] AdwCleaner[R2].txt - [5186 octets] - [27/11/2012 17:12:13] AdwCleaner[R3].txt - [1057 octets] - [27/11/2012 17:16:27] AdwCleaner[R4].txt - [7502 octets] - [15/03/2013 19:04:58] AdwCleaner[S2].txt - [5217 octets] - [27/11/2012 17:12:31] AdwCleaner[S3].txt - [7296 octets] - [15/03/2013 19:05:55] ########## EOF - C:\AdwCleaner[S3].txt - [7356 octets] ########## Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ruper :: RUPER-1337 [administrator] 15.03.2013 19:01:53 mbar-log-2013-03-15 (19-01-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30204 Time elapsed: 16 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
15.03.2013, 21:23 | #4 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? Please run this: http://www.trojaner-board.de/72874-s...eparieren.html Afterwards: - restart - report back |
16.03.2013, 01:27 | #5 |
| Constant Firefox crashes and bluescreen - possible malware? Sorry, I completely forgot that in the rush. The file is too large to attach, and too large to post as well. I have put it up on nopaste for now, I hope that is OK: hxxp://nopaste.info/892b804683.html |
17.03.2013, 10:12 | #6 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? |
17.03.2013, 12:02 | #7 |
| Constant Firefox crashes and bluescreen - possible malware? Yes, unfortunately several bluescreens yesterday and the day before. I have put the screenshot in the attachment. |
17.03.2013, 12:46 | #8 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? Please run this: http://www.trojaner-board.de/78405-w...er-testen.html |
17.03.2013, 17:23 | #9 |
| Constant Firefox crashes and bluescreen - possible malware? According to the memory diagnostic, no errors. |
19.03.2013, 19:36 | #10 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? OK, please post a screenshot of this: CrystalDiskInfo - Download - Filepony and then: System scan with OTL (illustrated guide) Please download OTL by Oldtimer and save it to your desktop (if you do not have it yet) - Double-click OTL.exe
|
19.03.2013, 21:09 | #11 |
| Constant Firefox crashes and bluescreen - possible malware? Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 20:54:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruper\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,75% Memory free 15,79 Gb Paging File | 13,33 Gb Available in Paging File | 84,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,52 Gb Total Space | 638,39 Gb Free Space | 69,13% Space Free | Partition Type: NTFS Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: RUPER-1337 | User Name: Ruper | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | "{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | "{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | "{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | "{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | "{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | "{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | "{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | "{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | "{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | "{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | "{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | "{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | "{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | "{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in 
| app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | "UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0630-0716-3135-7887" = JDownloader 2 "MediaInfo" = MediaInfo 0.7.61 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "WinRAR archiver" = WinRAR 4.20 (64-Bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer 
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CrystalDiskInfo_is1" = CrystalDiskInfo 5.4.2 "DAEMON Tools Pro" = DAEMON Tools Pro "Exif-Viewer" = Exif-Viewer 2.51 "Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00 "iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam "ImgBurn" = ImgBurn "InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "mIRC" = mIRC "Mobile Partner" = Mobile Partner "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital 
"PunkBusterSvc" = PunkBuster Services "TeXstudio_is1" = TeXstudio 2.3 "Tibia Testserver_is1" = Tibia Testserver "Tibia_is1" = Tibia "Uplay" = Uplay "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 5.1.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 19.03.2013 12:00:08 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73fb4d62 ID des fehlerhaften Prozesses: 0xb60 Startzeit der fehlerhaften Anwendung: 0x01ce24bad1e3f614 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Pfad des fehlerhaften Moduls: unknown Berichtskennung: 11f4429b-90ae-11e2-a456-889d5b4ba763 Error - 19.03.2013 12:00:13 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee9f3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4b4 ID des fehlerhaften Prozesses: 0x1a4c Startzeit der fehlerhaften Anwendung: 0x01ce24bad77f53d9 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 153c885b-90ae-11e2-a456-889d5b4ba763 Error - 19.03.2013 13:07:25 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17988, Zeitstempel: 0x50920c3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001abbc ID des fehlerhaften Prozesses: 0x1d64 Startzeit der fehlerhaften Anwendung: 0x01ce24c3e1769f62 Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 7872ab6a-90b7-11e2-a456-889d5b4ba763 Error - 19.03.2013 14:03:18 | Computer Name = Ruper-1337 | Source = WinMgmt | ID = 10 Description = Error - 
19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
[ System Events ]
Error - 19.03.2013 14:02:20 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description =

Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description =

Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description =

Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

< End of report >

Code:
OTL logfile created on: 19.03.2013 20:54:17 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,75% Memory free
15,79 Gb Paging File | 13,33 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 638,39 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: xyz | User Name: Ruper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Users\Ruper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
PRC - C:\Program Files (x86)\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)

========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll ()

========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\drivers\camfilt2.sys (Guillemot Corporation)
DRV:64bit: - (OM0530) -- C:\Windows\SysNative\drivers\ov530vx.sys (OmniVision Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01 [binary data]
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\Extensions
[2013.03.03 21:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions
[2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ruper\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi
[2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi
[2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml
[2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml
[2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - homepage: hxxp://www.t-online.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.t-online.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Google Mail = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.03.19 20:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.03.19 20:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2013.03.18 18:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\texstudio
[2013.03.18 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\MiKTeX
[2013.03.18 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\MiKTeX
[2013.03.18 18:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
[2013.03.18 18:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeXstudio
[2013.03.18 18:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2013.03.18 18:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2013.03.18 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2013.03.16 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\libimobiledevice
[2013.03.16 13:47:34 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.03.15 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Ruper\Desktop\mbar
[2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ruper\Desktop\OTL.exe
[2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols
[2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols
[2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86)
[2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\ElevatedDiagnostics
[2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\HpUpdate
[2013.03.08 16:04:13 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMa011.dll
[2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\HP
[2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\Ruper\Desktop\Paris
[2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.06 14:03:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.06 14:03:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.06 14:03:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.06 14:03:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.06 14:03:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.03.06 14:03:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.06 14:03:24 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.06 14:03:24 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.03.06 14:03:24 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.03.06 14:03:24 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.03.06 14:03:24 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.03.06 14:03:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.03.06 14:03:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.03.06 14:03:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.03.06 14:03:24 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.03.06 14:03:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.03.06 14:03:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.03.06 14:03:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.03.06 14:03:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.03.06 14:03:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.03.06 14:03:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.06 14:03:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.03.06 14:03:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.03.06 14:03:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.03.06 14:03:23 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.06 14:01:18 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.03.06 14:01:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.03.06 14:01:14 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\Google
[2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.28 12:44:50 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 12:44:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 12:44:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 12:44:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 12:44:46 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 12:44:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 12:44:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 12:44:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 12:44:41 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 12:44:41 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 12:44:41 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 12:44:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 12:44:41 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 12:44:41 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) --
C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 12:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 12:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 12:44:41 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 12:44:41 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 12:44:40 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 12:44:40 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 12:44:40 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 12:44:40 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 12:44:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 12:44:40 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 12:44:40 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 12:44:40 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll 
[2013.02.28 12:44:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 12:44:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 12:44:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 12:44:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 12:44:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\kuaiyong [2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong [2013.02.22 12:38:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.22 12:38:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.22 12:38:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.22 12:38:49 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 20:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.19 20:51:02 | 
000,001,940 | ---- | M] () -- C:\Users\Ruper\Desktop\CrystalDiskInfo.lnk [2013.03.19 20:27:14 | 000,025,806 | ---- | M] () -- C:\Users\Ruper\Desktop\Religion.odt [2013.03.19 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 19:09:01 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 19:09:01 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 19:08:40 | 000,769,330 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.19 19:08:40 | 000,673,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.19 19:08:40 | 000,170,506 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.19 19:08:40 | 000,141,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.19 19:08:40 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.19 19:02:02 | 000,001,962 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.19 19:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 19:01:28 | 625,754,970 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.19 19:01:25 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys [2013.03.18 18:40:44 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\TeXstudio.lnk [2013.03.18 00:16:44 | 000,007,334 | ---- | M] () -- C:\Users\Ruper\Desktop\OpenDocument Text (neu) (8).odt [2013.03.17 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.15 19:06:10 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.15 19:01:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 
19:01:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.15 14:26:25 | 000,000,102 | -H-- | M] () -- C:\Users\Ruper\Desktop\.~lock.Fr. Revolution.odt# [2013.03.14 19:59:17 | 000,173,184 | ---- | M] () -- C:\Users\Ruper\Desktop\Berlinale (1).pdf [2013.03.14 19:56:12 | 000,002,366 | ---- | M] () -- C:\Users\Ruper\Desktop\Google Chrome.lnk [2013.03.11 22:50:43 | 000,033,476 | ---- | M] () -- C:\Users\Ruper\Desktop\Schermafbeelding 2013-03-11 om 22.31.24.png [2013.03.10 18:58:11 | 000,303,898 | ---- | M] () -- C:\Users\Ruper\Documents\Scan0002.jpg [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ruper\Desktop\OTL.exe [2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\Ruper\defogger_reenable [2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\Ruper\Desktop\Defogger.exe [2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\Ruper\Documents\Scan0001.jpg [2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\Ruper\Desktop\Fr. 
Revolution.odt [2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\Ruper\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.22 12:38:41 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.22 12:38:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.22 12:38:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.22 12:38:36 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.22 12:38:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.22 12:38:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.19 20:51:02 | 000,001,940 | ---- | C] () -- C:\Users\Ruper\Desktop\CrystalDiskInfo.lnk [2013.03.19 19:05:59 | 000,025,806 | ---- | C] () -- C:\Users\Ruper\Desktop\Religion.odt [2013.03.18 18:40:44 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\TeXstudio.lnk [2013.03.18 00:16:44 | 000,007,334 | ---- | C] () -- C:\Users\Ruper\Desktop\OpenDocument Text (neu) (8).odt [2013.03.15 19:06:02 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.15 14:26:25 | 000,000,102 | -H-- | C] () -- C:\Users\Ruper\Desktop\.~lock.Fr. 
Revolution.odt# [2013.03.14 19:59:12 | 000,173,184 | ---- | C] () -- C:\Users\Ruper\Desktop\Berlinale (1).pdf [2013.03.11 22:50:41 | 000,033,476 | ---- | C] () -- C:\Users\Ruper\Desktop\Schermafbeelding 2013-03-11 om 22.31.24.png [2013.03.10 18:58:11 | 000,303,898 | ---- | C] () -- C:\Users\Ruper\Documents\Scan0002.jpg [2013.03.10 16:58:20 | 000,024,576 | ---- | C] () -- C:\Users\Ruper\Desktop\memtest.exe [2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\Ruper\defogger_reenable [2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\Ruper\Desktop\Defogger.exe [2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\Ruper\Documents\Scan0001.jpg [2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\Ruper\Desktop\Fr. 
Revolution.odt [2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\Ruper\Desktop\Google Chrome.lnk [2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\Ruper\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.24 23:01:41 | 625,754,970 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\Ruper\AppData\Local\RAContactHistory.xml [2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\Ruper\AppData\Roaming\winscp.rnd [2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- 
C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\DAEMON Tools Lite [2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\DAEMON Tools Pro [2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Exif Viewer [2013.03.16 15:03:40 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\iFunbox_UserCache [2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\ImgBurn [2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\kuaiyong [2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\OpenOffice.org [2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\PDAppFlex [2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\PeerNetworking [2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\redsn0w [2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Samsung [2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Sinvise Systems [2013.03.18 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\texstudio [2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Tibia [2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\TibiaTestserver ========== Purity Check ========== < End of report > |
20.03.2013, 19:12 | #12 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? Windows Repair Tool (AIO)
|
21.03.2013, 21:30 | #13 |
| Constant Firefox crashes and bluescreen - possible malware? Too bad, but Firefox still crashes. |
22.03.2013, 12:43 | #14 |
/// Helper Team | Constant Firefox crashes and bluescreen - possible malware? Uninstall Firefox and reinstall it. |
22.03.2013, 23:08 | #15 |
| Constant Firefox crashes and bluescreen - possible malware? None of it works; Firefox still crashes and the bluescreens keep coming. It's enough to drive you to despair! |