Log analysis and evaluation: Windows 7 Build 7601 Problem

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.04.2013, 17:05 | #1 |
Windows 7 Build 7601 Problem

Good day, dear community,

I have the following problem: Two weeks ago my PC stopped starting properly (the picture was in false colors etc.) until I realized that my graphics card was defective, which is why it took until last Tuesday before I had a new one. When I finally got the PC running again, I was shown the message "Die Echtheit dieser Windows-Kopie wurde noch nicht bestätigt" ("The authenticity of this copy of Windows has not yet been confirmed"); above it was/is "Windows 7 Build 7601". I entered the product key, but afterwards it said "Testversion" (trial version) there. Only as administrator did the message go away.

But the main problem only arises now, since I have to re-enter the product key at every boot, because the notice is in the corner every time and only goes away once the key is entered. The week before, when I was at the PC with my defective graphics card in safe mode (since it would otherwise hang) and could only see a quarter of the screen, I could not see whether it was already there before.

Nevertheless, I first ran scans with Malwarebytes Anti-Malware, Microsoft Essentials and McAfee, which found nothing (since I had a suspicion at first because of the sudden defect).

I hope you can help me.

OTL log:

Code:
ATTFilter OTL logfile created on: 12.04.2013 19:22:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,18% Memory free 6,00 Gb Paging File | 4,71 Gb Available in Paging File | 78,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 326,44 Gb Free Space | 70,10% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 18,44 Gb Free Space | 6,19% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 19:17:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.13 01:37:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013.01.08 12:36:20 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.10.05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2008.07.26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyCtCyB0EtA0EyD0DtDzztCtBtBtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1697824259 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyCtCyB0EtA0EyD0DtDzztCtBtBtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1697824259 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appid=04e35e64-5f83-4054-81ec-09994ce1fc2a IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 DC 6D 71 EC 4A CD 01 
[binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=18be8122000000000000001617e3e5d0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.08 13:21:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.08 13:21:46 | 000,000,000 | ---D | M] [2012.06.08 11:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.29 14:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: WOT = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Grooveshark Germany unlocker = 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.05.30 17:33:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78F4FF4B-475D-4C63-A512-61EB39BADE6F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC42FE06-C65C-4912-888F-9894463A366A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - AppInit_DLLs: ({DLL_Str}) - File not found O20 - AppInit_DLLs: ({DLL_Str}) - File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 19:17:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.11 03:24:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2013.04.11 03:24:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2013.04.11 03:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.10 14:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.04.10 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.04.10 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.10 14:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.04.10 14:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\ATI Technologies [2013.04.10 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.10 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.04.10 14:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.04.10 14:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.10 14:12:26 | 000,000,000 | ---D | C] -- C:\AMD [2013.04.09 18:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2013.04.09 18:36:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2013.04.09 18:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zebNet Windows Keyfinder 2012 R2 [2013.03.28 22:17:57 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine [2013.03.28 22:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2013.03.28 20:50:14 | 011,119,648 | ---- | C] (McAfee Inc) -- C:\Users\***\Desktop\stinger32_11.0.0.210.exe [2013.03.15 00:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 00:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 00:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 19:18:38 | 000,011,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 19:18:38 | 000,011,328 | -H-- | M] () 
-- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 19:17:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.12 19:15:42 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.12 18:58:07 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2013.04.12 18:58:07 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2013.04.12 18:55:26 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 18:55:26 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 18:55:26 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 18:55:26 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 18:55:26 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.12 18:51:34 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.12 18:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 18:51:06 | 2414,723,072 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 00:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 00:36:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 22:03:58 | 000,111,636 | ---- | M] () -- C:\Users\***\Desktop\gfgtnjsfm.JPG [2013.04.11 21:32:31 | 001,499,082 | ---- | M] () -- C:\Users\***\Desktop\20130411_131402.jpg [2013.04.11 20:08:17 | 000,979,825 | ---- | M] () -- C:\Users\***\Desktop\0a.jpg [2013.04.11 03:21:22 | 000,444,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 03:21:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.04.10 18:27:23 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\DSC_3902.mp4 [2013.04.10 17:11:52 | 004,917,667 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Uncle Bernard feat Kaya (Prod by Motion Picture Music).mp3 
[2013.04.10 17:11:41 | 003,476,110 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Sorry But I Gotta Go feat Kaya (Prod by The Remedy).mp3 [2013.04.10 17:11:36 | 002,643,534 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - A Life Without Love (Is Like A Year Without Summer) (Prod by Obey City).mp3 [2013.04.10 16:18:29 | 002,226,830 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Breaking (Prod by Erick Arc Elliott).mp3 [2013.04.10 16:17:25 | 003,187,731 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Little Brother (Prod by Flash Frequency Music).mp3 [2013.04.10 16:17:24 | 003,187,731 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Aint Nobody Supposed To (Love That) (Prod by The Remedy).mp3 [2013.04.10 16:17:23 | 004,581,210 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - T feat Glasser.mp3 [2013.04.10 16:17:22 | 003,059,835 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Bad Habit feat Hellacopter City (Prod by Erick Arc Elliott).mp3 [2013.04.10 15:12:13 | 004,180,805 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Love Ripple feat Kaya (Prod by Erick Arc Elliott).mp3 [2013.04.10 15:12:12 | 004,565,327 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Family Matters feat Harlem Childrens Zone (Prod by Flash Frequency Music).mp3 [2013.04.10 15:12:11 | 002,835,377 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Weed Fronter feat Kaya (Prod by Obey City).mp3 [2013.04.10 15:12:09 | 003,316,032 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - After Lovin U (Prod by Obey City).mp3 [2013.04.10 15:11:53 | 003,316,032 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Keep U (I Like) feat Kaya (Prod by Obey City).mp3 [2013.04.10 14:41:25 | 005,483,574 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Sleep feat Flatbush ZOMBiES.mp3 [2013.04.10 14:41:24 | 003,492,410 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Almost Forgotten 
(Prod by Flash Frequency Music).mp3 [2013.04.10 14:41:17 | 002,643,534 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - HNC (Prod by Obey City).mp3 [2013.04.10 14:41:15 | 004,052,909 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Pimptroduction feat Kaya (Prod by Erick Arc Elliott).mp3 [2013.04.10 14:41:14 | 003,124,201 | ---- | M] () -- C:\Users\***\Desktop\Erick Arc Elliott - Almost Remembered (Prod by Erick Arc Elliott).mp3 [2013.04.09 20:19:49 | 000,042,299 | ---- | M] () -- C:\Users\***\Documents\michelle_sms.odt [2013.04.09 19:44:39 | 001,024,050 | ---- | M] () -- C:\Users\***\Desktop\IMG.pdf [2013.04.09 18:19:43 | 002,774,400 | ---- | M] () -- C:\Users\***\Desktop\de_windows_keyfinder_2012_x86.exe [2013.04.07 16:21:54 | 264,194,461 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.29 04:14:23 | 000,000,112 | RH-- | M] () -- C:\Users\***\Desktop\Stinger.opt [2013.03.28 20:50:41 | 011,119,648 | ---- | M] (McAfee Inc) -- C:\Users\***\Desktop\stinger32_11.0.0.210.exe [2013.03.23 02:02:03 | 000,001,495 | ---- | M] () -- C:\Users\***\AppData\Local\RecConfig.xml [2013.03.19 01:17:45 | 001,389,056 | ---- | M] () -- C:\Users\***\Desktop\synchrotron.pps [2013.03.19 00:19:52 | 000,104,297 | ---- | M] () -- C:\Users\***\Desktop\Zyklotron.odp [2013.03.17 22:07:41 | 000,520,209 | ---- | M] () -- C:\Users\***\Desktop\Anhänge_2013317.zip [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.12 19:15:40 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.12 18:57:48 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2013.04.12 18:57:48 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2013.04.11 22:03:52 | 000,111,636 | ---- | C] () -- C:\Users\***\Desktop\gfgtnjsfm.JPG [2013.04.11 21:31:58 | 001,499,082 | ---- | C] () -- C:\Users\***\Desktop\20130411_131402.jpg [2013.04.11 
20:07:54 | 000,979,825 | ---- | C] () -- C:\Users\***\Desktop\0a.jpg [2013.04.11 03:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.10 18:27:23 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\DSC_3902.mp4 [2013.04.10 18:27:07 | 084,780,226 | ---- | C] () -- C:\Users\***\Desktop\DSC_3902.AVI [2013.04.10 17:11:31 | 004,917,667 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Uncle Bernard feat Kaya (Prod by Motion Picture Music).mp3 [2013.04.10 17:11:28 | 003,476,110 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Sorry But I Gotta Go feat Kaya (Prod by The Remedy).mp3 [2013.04.10 17:11:26 | 002,643,534 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - A Life Without Love (Is Like A Year Without Summer) (Prod by Obey City).mp3 [2013.04.10 16:18:24 | 002,226,830 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Breaking (Prod by Erick Arc Elliott).mp3 [2013.04.10 16:17:02 | 003,059,835 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Bad Habit feat Hellacopter City (Prod by Erick Arc Elliott).mp3 [2013.04.10 16:16:59 | 003,187,731 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Aint Nobody Supposed To (Love That) (Prod by The Remedy).mp3 [2013.04.10 16:16:58 | 003,187,731 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Little Brother (Prod by Flash Frequency Music).mp3 [2013.04.10 16:16:56 | 004,581,210 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - T feat Glasser.mp3 [2013.04.10 15:11:53 | 002,835,377 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Weed Fronter feat Kaya (Prod by Obey City).mp3 [2013.04.10 15:11:50 | 004,565,327 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Family Matters feat Harlem Childrens Zone (Prod by Flash Frequency Music).mp3 [2013.04.10 15:11:48 | 003,316,032 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - After Lovin U (Prod by Obey City).mp3 [2013.04.10 15:11:46 | 004,180,805 | ---- | C] () -- 
C:\Users\***\Desktop\Erick Arc Elliott - Love Ripple feat Kaya (Prod by Erick Arc Elliott).mp3 [2013.04.10 15:11:45 | 003,316,032 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Keep U (I Like) feat Kaya (Prod by Obey City).mp3 [2013.04.10 14:40:31 | 002,643,534 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - HNC (Prod by Obey City).mp3 [2013.04.10 14:40:24 | 003,492,410 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Almost Forgotten (Prod by Flash Frequency Music).mp3 [2013.04.10 14:40:21 | 003,124,201 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Almost Remembered (Prod by Erick Arc Elliott).mp3 [2013.04.10 14:40:18 | 004,052,909 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Pimptroduction feat Kaya (Prod by Erick Arc Elliott).mp3 [2013.04.10 14:40:14 | 005,483,574 | ---- | C] () -- C:\Users\***\Desktop\Erick Arc Elliott - Sleep feat Flatbush ZOMBiES.mp3 [2013.04.09 19:44:36 | 001,024,050 | ---- | C] () -- C:\Users\***\Desktop\IMG.pdf [2013.04.09 18:22:29 | 000,002,203 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zebNet Windows Keyfinder 2012 R2.lnk [2013.04.09 18:19:38 | 002,774,400 | ---- | C] () -- C:\Users\***\Desktop\de_windows_keyfinder_2012_x86.exe [2013.03.29 04:14:23 | 000,000,112 | RH-- | C] () -- C:\Users\***\Desktop\Stinger.opt [2013.03.19 01:17:42 | 001,389,056 | ---- | C] () -- C:\Users\***\Desktop\synchrotron.pps [2013.03.17 22:07:38 | 000,520,209 | ---- | C] () -- C:\Users\***\Desktop\Anhänge_2013317.zip [2013.03.17 22:06:24 | 000,104,297 | ---- | C] () -- C:\Users\***\Desktop\Zyklotron.odp [2013.02.27 04:30:44 | 000,000,173 | ---- | C] () -- C:\Users\***\AppData\Local\msmathematics.qat.*** [2012.11.02 01:50:15 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2012.11.02 01:50:15 | 000,012,031 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Jardinains!.dat [2012.06.08 13:14:41 | 000,241,374 | ---- | C] () -- 
C:\Windows\hpwins28.dat
[2012.05.23 12:52:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.11.13 20:43:57 | 000,001,495 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.11.04 13:46:11 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012.01.13 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.02.17 20:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apowersoft
[2012.06.29 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.07.03 15:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.06 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FILSH Media GmbH
[2012.10.08 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown_Uninstall
[2012.10.08 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrooveLoader
[2013.04.07 01:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.07.27 01:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iminent
[2011.11.13 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.06.27 01:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.03.28 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2013.02.17 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotydl
[2013.04.02 02:59:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wondershare
[2011.11.24 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode

========== Purity Check ==========

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 19:55:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HDS721050CLA362 rev.JP2OA3MA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kxdiapog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ffd000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002ffd00e 3 bytes [00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75]
.text ... * 2

---- EOF - GMER 2.1 ----

Code:
OTL Extras logfile created on: 12.04.2013 19:22:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,18% Memory free
6,00 Gb Paging File | 4,71 Gb Available in Paging File | 78,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 326,44 Gb Free Space | 70,10% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 18,44 Gb Free Space | 6,19% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE0AF35-8F4F-451A-A4A0-EFF9FA96C795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2A00287B-9455-4447-AA9D-46F66195BD65}" = lport=137 | protocol=17 | dir=in | app=system |
"{2D805E18-8830-422B-AC3A-4A2B0EE0ACD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39648708-D513-4D9B-8F8C-0E2F3DB53BC7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EA62C02-3F2B-4B5C-92D3-42A38EFAD412}" = rport=139 | protocol=6 | dir=out | app=system |
"{43763A48-1CAE-42F3-A82E-E9AA99AE238C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{520F33E5-9EB1-4362-91DA-E34C69CC19C8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{64CE6C57-0B9C-4976-B8EB-DBF3FB277F89}" = rport=137 | protocol=17 | dir=out | app=system | "{6652F806-FB21-4794-AC64-69D52F6A6492}" = lport=138 | protocol=17 | dir=in | app=system | "{6F8E7F85-7742-4E24-81A2-582A6788266D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B3427E3C-1F36-4CCB-B0F9-BF93ED610004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C2E6C46C-FA69-4F77-AC3D-B394933FC824}" = lport=445 | protocol=6 | dir=in | app=system | "{E14F688E-BFFA-4F50-82D5-E82638C684FA}" = lport=139 | protocol=6 | dir=in | app=system | "{FE10DEDF-A731-4104-B595-88949ACD8520}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00626F6B-718B-4C58-9790-728ABFF79A27}" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\launcher.patch.exe | "{039FED4D-D5CB-416F-9A2C-B0A8421B0A13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{057375D9-3966-4055-AD6A-4F19E2DE7BC9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{069F3995-401B-4902-A90E-5D9A94419305}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{09FACA78-087B-40DC-94B0-2BB8749601D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{0ACDCAE8-9627-49D6-B7A4-9A2DA4A7DA3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{0CFC2C7C-FA2F-4EE3-B050-E6C1F4CD0934}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0F3C2A78-8B70-4182-9098-1794077BF333}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{13897BCA-3A4D-4EA0-BA7C-CDB9D99DC7EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{16C8D1E6-5854-4343-8203-44C65CB4424C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{20228FE5-AC55-4945-A193-AA80C54EE2EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{25BCCEBC-F431-424C-B094-2D0C2EDE54AF}" = dir=in | app=c:\program files (x86)\apowersoft\streaming audio recorder\streamingaudiorecorder.exe | "{29E0ED0A-0105-4C05-AB99-B8979E2983DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2AE86485-A498-49A9-9187-FF93428676CF}" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\launcher.exe | "{2C99B7B2-6103-4639-BCDC-CC340FAF4052}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{32659F1C-3D71-4C1B-8D9D-F45C8F19D898}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{36341DB8-353D-47F5-8ADA-F3EB49BA8D0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{37E4C906-F5B3-4672-BD04-F77CDCDAEA95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{41895EFB-D99D-442C-AD1F-59C0EC245A54}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{4565B16D-0A14-4BE6-B5C9-0EC81B5CE6BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5317BD90-10B1-4D72-98A0-353B4C339AC1}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "{537E8106-7FB5-4B6F-A584-C1666CC201DD}" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "{57894A52-80C4-4249-92CD-F6110F8DDDB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{59764B01-AE8A-4D74-8650-D4623D565EBA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5A558F6B-67F3-4AAC-9D90-CEF128109810}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5CFFBE7B-4CB2-44F1-BFD2-42336998F581}" = dir=in | app=c:\program files (x86)\apowersoft\streaming audio recorder\streaming-audio-recorder.exe | "{5DCF8A85-965E-4E11-8234-53F82ED7FA57}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6030BD73-4293-47EF-B40B-36A167C9173E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{64B8D5EC-D62A-4027-981E-2E10C5220C75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{64F40F10-AAE5-459D-8AD7-AA2857D82DB2}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "{6915899B-5D1C-4481-AC60-7FA3101F6FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6C55301E-9E74-4C08-B794-E1C320E0B8B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{6CE3B057-9DCA-43C5-9595-180706155422}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6DF33564-5A39-4353-B1F0-D1D84B38194A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{716CFB48-E93B-4E65-95A8-8A49E4989851}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{752F73E3-AD20-47E5-A61B-4E798ADE3D97}" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{7C8FE7E0-1103-4DFD-AB78-EA7022F208FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{8611C51C-29DF-4F27-9198-30BC7E9A6F51}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{8E356A8B-F149-445F-B320-6996EFD35A24}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{A16D1727-0200-44E7-9EFA-EE282C3EA1ED}" = protocol=6 | dir=in | 
app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A29B9406-1ABC-4032-8A80-C5885679EF9C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{A918250E-B87F-4865-AC00-56359F9C8D29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{A968CE23-3DBF-4805-A097-EEA22B207261}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B204785B-3227-4A04-9EDD-7EC65D0CACD1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{B4ADD0B3-F21F-4D15-BAE6-BDA851893812}" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "{B6C24D39-C4DA-4D87-9915-2B19852D374B}" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{B7C86CB7-A38A-462C-8AED-4920B9A6BBF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BE865339-0A17-436E-9184-A9F2565581DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{C2906299-A220-4161-B1AA-7C5759C4E862}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{CB6159D0-FAAC-4C3A-83B1-9E4AE3B14E98}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{CF01CB5E-99DE-4A59-8DC3-5F22942CC485}" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "{CF059800-C30B-47AF-9E9A-D5CC5DDF47A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D4D863F7-486A-4286-B404-22A1FDC0343B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{E0B7F4CD-8FD0-4654-B06A-ED96B0CB6020}" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "{E64AFFA3-9807-4E09-A441-1BB26418F07C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E6BF2B46-F3FA-4F04-88ED-05B98D43A3E8}" = protocol=6 
| dir=in | app=c:\users\***\documents\world of warcraft\launcher.patch.exe | "{E865B6D9-3861-4A75-A46B-EC2C30CBA24C}" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\launcher.exe | "{EC36D115-9513-4EAA-BFA8-D2E7F7966B54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{F2E749CC-AFE7-4C60-8816-462F123CF83B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{F622A657-7EFE-4F18-9069-5A9E8E5E1C11}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{F8799F57-BBC2-4DBA-AD50-E6066A8F394F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{F9298E30-135B-4B86-9FF7-498FBCE9C868}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{F9E4653E-3EBE-49BE-8D88-9814986DDFD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "TCP Query User{18403146-65D4-46AA-9D35-74FDAB797FD7}F:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=f:\program files (x86)\icq7.5\icq.exe | "TCP Query User{292FB256-93DE-474A-818F-05A5B5B241FD}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "TCP Query User{2AC787A3-6799-4E35-85B1-16DF0E0EFF05}C:\users\***\documents\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{31804A8E-2DCE-4C88-A28A-60F95CFD5E74}C:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{7227B192-E7F3-4C5E-A017-1A1C341743F0}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\documents\world of 
warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{8368315B-DF31-455A-A2A2-907799EF3F78}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{C5B3325D-1719-4E8F-9BDB-7CE9DBCE426D}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{6D9F4490-147D-4632-A62A-8CF21704921A}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{707A6A4B-F672-420C-A580-4C8C8001C656}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{93DAC526-6DA9-44F7-80FC-C1820442AF37}C:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{B3A92853-694C-44DD-9978-8FC405E2230C}F:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=f:\program files (x86)\icq7.5\icq.exe | "UDP Query User{BE8C5D73-847C-494D-9EA4-DDE80DABCA2C}C:\users\***\documents\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\documents\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{CB6A4965-D47F-4D0A-BB0B-6644B429DDAB}C:\users\***\documents\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\documents\world of 
< End of report > |
18.04.2013, 13:59 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Hello,
Quote:
Quote:
Or is this by any chance an office/company PC or a university computer? |
18.04.2013, 18:36 | #3 |
| Windows 7 Build 7601 Problem Regarding the first question:
Activation works, but I have to re-enter the key at every startup so that my PC does not "lock" itself in order to more or less force me to enter the key. And just now I also witnessed the PC, after I had been using it for a while following activation, showing the message again, so that I have to enter the key once more. Regarding the second question: That is a coincidence, since the computer was set up anew with Win7 by an acquaintance back then. Last edited by Einequalle (18.04.2013 at 18:43) |
18.04.2013, 19:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Have you already tried this? => http://www.trojaner-board.de/126216-...tml#post946713
__________________ Please always post log files in CODE tags |
19.04.2013, 15:13 | #5 |
| Windows 7 Build 7601 Problem I let it run through yesterday, but the same problem still persists. Just now I switched users, although I had already entered the key under the other one, and activated Microsoft Security Essentials (since it also automatically stops working when Windows has not been validated). Strangely, the message is in the corner again; it was not like that before when switching users. |
19.04.2013, 15:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Have you already tried a system restore point? |
19.04.2013, 15:26 | #7 |
| Windows 7 Build 7601 Problem Yes, no change. |
19.04.2013, 15:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Then I am running out of ideas as well. You could make a complete backup of the current state (an image of your system) and then try a repair installation (in-place upgrade). If it has not improved, or if you have considerably more work because programs etc. are missing again, you can simply restore the image, and then we think of something else... if need be, a complete reinstallation. |
19.04.2013, 15:36 | #9 |
| Windows 7 Build 7601 Problem About the reinstallation: I only have the refurbished CD for Win7 Pro. Is that exactly the same as the normal version? I have never set up a PC from scratch, which is why I am asking. |
19.04.2013, 15:40 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Have a look here => http://www.trojaner-board.de/100776-...tml#post676887 |
03.05.2013, 15:43 | #11 |
| Windows 7 Build 7601 Problem Sorry that so much time has passed, there was still quite a lot to do. But now it is done. Everything worked out great and the problem is now solved as well. Thank you, cosinus! |
03.05.2013, 23:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Build 7601 Problem Glad I could help! No more problems or questions left open? |
04.05.2013, 14:40 | #13 |
| Windows 7 Build 7601 Problem No questions or problems. Everything is fine (: |