Internet Turbo toolbar and browser manipulation by the Qvo6 search engine

Hello,
I've caught something again and need help removing it...
The title pretty much says it all.
defogger: Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:03 on 16/05/2013 (Jerekin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL extras: Quote:
OTL Extras logfile created on: 16.05.2013 13:06:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerekin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,43% Memory free
7,71 Gb Paging File | 6,43 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,38 Gb Free Space | 42,82% Space Free | Partition Type: NTFS
Computer Name: HELLCAT | User Name: Jerekin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BA2690-6FD5-457F-AE24-C67C2DE27651}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{547F2209-0456-4525-931C-5E0639485DD2}" = lport=445 | protocol=6 | dir=in | app=system |
"{5518BDDE-39E5-4776-9E6D-92860CD0DE5E}" = lport=138 | protocol=17 | dir=in | app=system |
"{56FB068A-0767-4BDB-9246-CBD435D35B0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{631AF7C9-7896-4242-B3C4-EADAF14B07CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8350F559-E2D9-4F23-B77D-DB683DB8805E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8B03EB64-5C3E-4B64-9B3D-56190564451C}" = rport=445 | protocol=6 | dir=out | app=system |
"{91164E4B-FECA-4F3C-9E93-26C07E7C3FA3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B7F923BC-F100-4CA6-B326-799A35554F74}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9E0AC24-4B8F-4067-B319-DC5A95BCD5D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE154FEF-8930-4E3A-9E1D-F6A7B34CC053}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4FA9C01-D7EB-4AFA-A56F-10592D71DF91}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDF34E8B-51D2-45FD-8551-491352DAF75A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF9F9C46-EA37-4C35-8E78-D4762175D76F}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1C305-E0E5-44ED-BD31-47DBB06130BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BF02CD5-FB0A-4B82-AD8A-977F7AB805FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1FD1381C-E40A-4F7E-9C21-D6338FAABE0E}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{2CD9FADC-86EA-4C20-8950-F675FDF2094B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{585E9200-AED7-465E-9C95-A5E211010B63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A8080D5-EF0D-4AE1-8AAA-0A95CFB1E636}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F5885CE-3EE6-4A18-B466-FF6499B1D9D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60041584-8259-4D95-8C67-C2D8E365BC6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65F566E5-7C7D-46D2-81D2-658FF72058B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AF58DA1-E432-47DC-ABD1-82BD546FEB95}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{71E39B0D-3588-4679-B36A-A7A9B6E38471}" = protocol=17 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraftsp.exe |
"{762DDC18-4F82-4A25-A09F-396633367F66}" = protocol=6 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraftsp.exe |
"{7D0D2303-571F-4FF8-AE56-A088A7E332D7}" = protocol=6 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraft.exe |
"{7F3D29C5-6D81-430F-A15D-809D64625E18}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C7CAA99-72DA-46FB-85BE-675DCBD95024}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{8D90FF72-5D3A-4930-9472-D2859B4874BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9AE1C42F-D0C7-4962-B93D-4200E49B2899}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{A0E46D43-BC9C-4B4B-88E2-1FA64F2B7A6B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2DDEF63-980A-4373-A249-2A461439E7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{A4DEA1DE-EF39-42C8-88F7-A14661672B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B72DD198-2E27-46B2-BE7A-8E429D968552}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BA2E3713-5DBF-4DD1-A804-BC45A69DF9F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BA7008FE-8911-45E9-9D5C-9D02EAAB2E2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAE42B1F-33B2-4FA9-8D13-D13C6997F9D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C181DD9C-62F2-41AB-A7D6-9C719B2E98BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{C280DC3F-9DBB-4784-A7E3-FD2E6E1501CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{CD6DED91-B449-4D56-BDC9-74FEFCFFCBD8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CE1B7D06-14A1-4CAD-B228-B30CA2EE34F4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{D29751AB-5540-47B3-817B-9E26B3B56607}" = protocol=17 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraft.exe |
"{D5CE7A48-09CB-4150-AED5-1D4B6C9D190F}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{E0FBEE88-BB04-41BD-BCBA-48194A51A3DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFFB9BB1-33CE-4B36-B8AA-EF83223A12C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2BBF3A4-9157-4037-9B82-904EC3B4E261}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{F9101E42-227E-40E9-B285-41EB60A78BC2}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{FABC593B-635C-48A6-AD1A-EC5152739780}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB7A8429-11A5-4414-BA3A-17C615C6EB65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{18CCBC27-8430-4448-B5E9-81F007ABF7BE}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"TCP Query User{1F380E40-C572-4994-989E-82E4F973B062}C:\program files (x86)\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1404\tools\addonweb.exe |
"TCP Query User{3244D409-28A0-42DD-A377-FCFB2E74EADA}C:\program files (x86)\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soldat\soldat.exe |
"TCP Query User{4360D866-88C3-4B04-BB1A-8575A9F44B4F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{4EA0C0DC-4C2C-4BF9-8014-4FF0B6EBB58F}C:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe |
"TCP Query User{513DFE39-325D-4631-8C0A-3A94059A2558}F:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5E67F409-111B-45D7-86C7-E3D344302A0E}F:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\spiele\warcraft iii\war3.exe |
"TCP Query User{67D9DC85-CC46-450D-B15F-A6198065E71D}C:\program files (x86)\anno 1404\addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1404\addon.exe |
"TCP Query User{86BB51F8-478F-4443-814B-0F3C5D38E55B}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{A3C7ACD1-BF23-4438-90F2-5C2604AD1985}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{AC3D6AED-350A-44AF-B758-8593C7D7D6F2}C:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe |
"TCP Query User{CF8F7AB3-4322-4C91-A2F8-C5AC4C7E6687}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{D897777A-DA52-4DF3-A0A1-09403E4113FC}C:\program files (x86)\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft 3\war3.exe |
"TCP Query User{E17BCA94-8068-48A6-9EC4-213DA21D6791}C:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe |
"TCP Query User{F693A837-DBF2-4154-88DA-B6729E821F3B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{30E0AB72-41F3-4F7E-AD3C-268E3BCEDC16}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{387336F4-8508-435F-956C-D7FDF590A551}C:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe |
"UDP Query User{43FC3118-C1A0-4ED7-B03B-0839547D984B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{4910F64D-63E8-4D8F-8899-150FE4C84095}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{77DEBEF8-E5A5-4992-97EC-2A2FBF7E6D91}F:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\spiele\warcraft iii\war3.exe |
"UDP Query User{7DC6D2A6-F7C2-4516-8710-4D8BEE887F15}C:\program files (x86)\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soldat\soldat.exe |
"UDP Query User{816B8D4A-1C1A-4DA4-BE53-DC4D7AF64B7D}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{926FBE5D-8057-4290-A15E-D597E6C9E42C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A47AA02A-C4F5-4E69-8338-5C8F5A0941DC}C:\program files (x86)\anno 1404\addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1404\addon.exe |
"UDP Query User{A4BEFFEB-D50B-4114-9F4F-C9BB7F25E655}C:\program files (x86)\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1404\tools\addonweb.exe |
"UDP Query User{B8D81D7D-74E8-49EA-9E52-7C1D2F22A995}F:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{BADAF00C-4191-40FE-8428-F34FF137654D}C:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe |
"UDP Query User{BC24AC2F-DFE7-4093-841B-BF14AF01BAC5}C:\program files (x86)\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft 3\war3.exe |
"UDP Query User{BE818080-4F68-4459-90D1-6EB9E78FF031}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"UDP Query User{ECAD624E-438C-4417-838B-77F5F9F0D82F}C:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{290329c4-a276-3aec-b633-9f5a39d8dd96}" = Python 3.3.0 (64-bit)
"{3617E59D-B064-8BD2-438B-8F1089285F12}" = ATI Catalyst Install Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C578CCFC-51AF-6BF2-072B-69F8C31D3F93}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{043F2AB2-AF6B-2589-AEB9-5D418128DDD9}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052407E4-0A65-99C3-404E-6E38C96A59A5}" = Catalyst Control Center Graphics Full New
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23BE89A5-9D98-4178-4256-373C99C33170}" = CCC Help German
"{249201FA-FF48-7003-3554-69E701135176}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2B83FD9D-5645-23E3-C747-0397E1AC1D2C}" = CCC Help Portuguese
"{3050F6B7-0526-5713-CC53-72173558BCE8}" = CCC Help Turkish
"{335454E8-FEA3-F6AC-A447-3A346986F336}" = Catalyst Control Center Graphics Full Existing
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48A5740D-2A80-39A8-7A54-8DDFDD317CCF}" = CCC Help Dutch
"{49DD4818-3233-5F02-7052-0B243FB3B71A}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6363BEC5-606C-2DFA-4919-0EA54D8C9C9D}" = CCC Help French
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7D5D8D67-4B75-7098-05E9-0BF701EDA637}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838B4D12-6538-7C25-3A4F-2982583ADF2C}" = CCC Help Chinese Traditional
"{8435634B-B801-7ED6-1435-D74423DDA01B}" = CCC Help Thai
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8A965374-2E42-8167-E544-28AD9C1108E4}" = CCC Help Korean
"{8E223E43-047F-5275-E396-AC298F0296E9}" = Catalyst Control Center Core Implementation
"{8E537006-E6AC-126B-2585-588040DBAEE4}" = CCC Help Spanish
"{8E9D7728-27D6-2444-8E23-00D7B98A3413}" = CCC Help Swedish
"{91339326-913A-349A-0B34-5A87AE359E27}" = CCC Help Chinese Standard
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93304168-BA94-6C70-1F27-EB59521640B1}" = Catalyst Control Center Graphics Previews Common
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9AFC3B12-1AC9-4613-8AC8-15C2B4854D73}" = Internet Turbo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D45BB2E-07BB-5A66-B5A1-B856E55C3E67}" = CCC Help Finnish
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE724D41-088E-C204-6418-9F416129C939}" = ccc-core-static
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B375D641-9644-E4F6-963C-8CB3097C9F02}" = Catalyst Control Center InstallProxy
"{B92C36C6-E573-D6A2-4C76-A4912DA88E83}" = CCC Help Czech
"{BAB06721-6506-B106-B0BB-12953B07C1F1}" = Catalyst Control Center Localization All
"{BCBA68A6-EF04-3D34-65B2-B4D950605A11}" = CCC Help Russian
"{BD0B5456-9E2F-DCB8-A420-3164BC5B8C45}" = CCC Help Greek
"{BD884EFD-BA69-2FF9-FB21-95D4D6ABCD78}" = CCC Help Norwegian
"{C30FF28E-1D18-BD81-8B18-B784B0E7A3AD}" = Catalyst Control Center Graphics Previews Vista
"{C703222F-B0CD-4FFA-949C-03366B350028}" = JH NameGen Speech Module
"{CB133B2F-42BB-7345-97DC-D6FEA6881B2B}" = CCC Help Polish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFA943CF-B56B-4525-9F2E-38D39D86FBE4}" = CCC Help Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F31766DA-D5DE-739D-D970-746286EB8533}" = CCC Help Hungarian
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AniFX_is1" = AniFX 1.0
"avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Free Audio Converter_is1" = Free Audio Converter version 5.0.16.819
"Freemake Video Downloader_is1" = Freemake Video Downloader
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JH NameGen Gold_is1" = JH NameGen Gold 1.1.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RaidCall" = RaidCall
"Steam App 218230" = PlanetSide 2
"TagScanner_is1" = TagScanner 5.1.620
"Trine_is1" = Trine 1.08
"VLC media player" = VLC media player 2.0.5 ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1177b2ef-2b60-49f9-998c-a800db67abf6}" = Internet Turbo Engine

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.05.2013 05:30:54 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x4c0 Startzeit der fehlerhaften Anwendung: 0x01ce4bcda0ba0dda Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: fa552dcb-b7c1-11e2-86c6-883801e125fb
Error - 08.05.2013 08:00:24 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0xa34 Startzeit der fehlerhaften Anwendung: 0x01ce4be01c1024d1 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: dce4976a-b7d6-11e2-8752-977921c119fb
Error - 08.05.2013 15:40:07 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0x80000003 Fehleroffset: 0x0005801d ID des fehlerhaften
Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01ce4c1ec28e9187 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 15ae639a-b817-11e2-8638-d0303857bcfa
Error - 11.05.2013 17:29:46 | Computer Name = Hellcat | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1a44 Startzeit: 01ce4e8e4dbb10e5 Endzeit: 3 Anwendungspfad:
C:\Program Files (x86)\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League
of Legends.exe Berichts-ID: 8f646372-ba81-11e2-872d-b639544b56fb
Error - 13.05.2013 11:41:29 | Computer Name = Hellcat | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f90 Startzeit: 01ce4ff0427ac95f Endzeit: 0 Anwendungspfad: C:\Program
Files (x86)\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 91edfeb8-bbe3-11e2-9c1b-c0cb38d969ee
Error - 14.05.2013 07:59:39 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung: 0x01ce5096b42cd15d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: c0f36c57-bc8d-11e2-9c57-c0cb38d969ee
Error - 14.05.2013 10:39:22 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x1430 Startzeit der fehlerhaften Anwendung: 0x01ce509e54951f93 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 10802c39-bca4-11e2-9c57-c0cb38d969ee
Error - 14.05.2013 11:54:36 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0x01ce50b37ce3cace Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 92f29fe8-bcae-11e2-9c57-c0cb38d969ee
Error - 14.05.2013 21:43:39 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01ce51093b8d1d12 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
dd0a5a94-bd00-11e2-9e09-c0cb38d969ee
Error - 15.05.2013 20:02:11 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: zipfldr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ce7ca34 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fef1e021b6
ID
des fehlerhaften Prozesses: 0x634 Startzeit der fehlerhaften Anwendung: 0x01ce51a0ecdb02fe
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
zipfldr.dll Berichtskennung: db251a33-bdbb-11e2-9dea-c0cb38d969ee
[ Media Center Events ]
Error - 07.11.2012 18:33:15 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 23:33:15 - Fehler beim Herstellen der Internetverbindung. 23:33:15
- Serververbindung konnte nicht hergestellt werden..
Error - 07.11.2012 19:33:20 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 00:33:20 - Fehler beim Herstellen der Internetverbindung. 00:33:20
- Serververbindung konnte nicht hergestellt werden..
Error - 09.11.2012 16:19:35 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 21:19:35 - Fehler beim Herstellen der Internetverbindung. 21:19:35
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
< End of report >
|
OTL: Quote:
OTL logfile created on: 16.05.2013 13:06:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerekin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,43% Memory free
7,71 Gb Paging File | 6,43 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,38 Gb Free Space | 42,82% Space Free | Partition Type: NTFS
Computer Name: HELLCAT | User Name: Jerekin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
PRC - [2013.05.16 02:01:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013.04.29 14:09:14 | 000,020,992 | ---- | M] (Smartbar) -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.16 02:00:10 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013.05.16 02:00:09 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013.05.16 02:00:08 | 000,146,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.05.15 16:51:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 16:51:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 16:51:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.29 14:09:56 | 000,020,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.04.29 14:09:48 | 000,026,112 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.04.29 14:09:48 | 000,020,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.04.29 14:09:42 | 000,051,712 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.04.29 14:09:42 | 000,014,336 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.04.29 14:09:40 | 000,112,640 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.04.29 14:09:38 | 000,045,056 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.04.29 14:09:36 | 000,078,848 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.04.29 14:09:36 | 000,016,896 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.04.29 14:09:32 | 000,019,456 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.04.29 14:09:30 | 000,057,856 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.04.29 14:09:24 | 000,013,312 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.04.29 14:09:22 | 000,034,304 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.04.29 14:09:22 | 000,014,848 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.04.29 14:09:22 | 000,014,336 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.04.29 14:09:16 | 001,675,776 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.04.29 14:09:16 | 000,660,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.04.29 14:09:16 | 000,081,920 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.04.29 14:08:16 | 000,048,128 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.04.29 14:08:04 | 000,026,112 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.02.13 13:32:57 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.13 13:32:55 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.20 12:34:36 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.01.20 12:34:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.20 12:34:11 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013.01.20 12:31:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.20 12:31:46 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.20 12:31:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.20 12:31:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.20 12:31:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.20 12:31:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.20 12:31:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.20 12:30:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.04 17:57:40 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010.09.14 17:22:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.16 02:01:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (eSafeSvc)
SRV - [2013.05.15 00:30:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 09:14:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.06 17:25:35 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.09.02 14:34:25 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.07 14:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.15 14:50:10 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.09.15 13:41:50 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.09.15 13:41:44 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.09.15 13:41:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.09.15 13:41:44 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.09.15 13:38:38 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.09.14 17:23:02 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.14 17:02:58 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.09.08 09:43:26 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.08.16 13:54:34 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 12:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010.05.12 12:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 12:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 12:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 19 D3 B7 2E 73 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493"
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.14
FF - prefs.js..extensions.enabledAddons: %7B7BDB48D1-CD94-4B99-A5A4-E418B9EE6532%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B8aa012b6-7927-4b7d-ac7b-d6675ad3fd77%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&installDate=16/05/2013&q="
FF - prefs.js..network.proxy.type: 4
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Jerekin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.10 14:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
[2013.05.16 01:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Extensions
[2013.05.16 12:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions
[2013.05.16 02:01:44 | 000,000,000 | ---D | M] ("Internet Turbo") -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{8aa012b6-7927-4b7d-ac7b-d6675ad3fd77}
[2013.04.03 13:47:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.12 22:54:29 | 000,281,921 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.05.06 13:24:07 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 23:28:52 | 007,704,332 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
[2013.05.09 14:05:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.16 02:00:38 | 000,002,439 | ---- | M] () -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\searchplugins\Web Search.xml
[2013.04.14 21:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
[2013.03.10 14:57:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.12 09:14:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.31 02:49:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.16 02:01:33 | 000,000,730 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C15F93F-58AD-4B85-A730-99F1AE666285}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.05.16 13:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\Documents\Osprey
[2013.05.16 11:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.05.16 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.16 02:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013.05.16 02:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.05.16 02:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\eIntaller
[2013.05.16 02:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.16 02:00:07 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\Smartbar
[2013.05.16 01:59:45 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\SwvUpdater
[2013.05.16 01:59:27 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\Media Finder
[2013.05.16 01:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013.05.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\B1E
[2013.05.16 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2013.05.15 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.05.15 14:49:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2013.05.15 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\PackageAware
[2013.05.15 03:00:17 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\ElevatedDiagnostics
[2013.04.24 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013.04.18 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========
[2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 13:03:06 | 000,000,000 | ---- | M] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | M] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 12:33:27 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 12:33:27 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 12:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 12:25:07 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 11:22:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 11:22:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 11:22:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 11:22:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 11:22:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 02:01:36 | 000,001,344 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.15 17:31:57 | 000,297,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.28 23:31:31 | 000,234,945 | ---- | M] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:32 | 004,482,629 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 23:16:26 | 000,840,581 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 22:49:56 | 000,002,084 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | M] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:28 | 000,350,862 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | M] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | M] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk

========== Files Created - No Company Name ==========
[2013.05.16 13:03:06 | 000,000,000 | ---- | C] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | C] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 02:00:38 | 000,002,316 | ---- | C] () -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.28 23:31:31 | 000,234,945 | ---- | C] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:25 | 000,840,581 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 23:16:16 | 004,482,629 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 22:49:56 | 000,002,084 | ---- | C] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | C] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:25 | 000,350,862 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | C] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | C] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk
[2013.04.19 23:32:19 | 001,757,559 | ---- | C] () -- C:\Users\Jerekin\Desktop\MCPatcher 1.5.exe
[2012.11.10 21:28:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 21:27:50 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.06 22:11:27 | 000,000,216 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.08.05 16:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2013.05.09 11:22:33 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\.minecraft
[2012.08.22 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\AniFX
[2012.08.22 02:06:48 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Audacity
[2013.05.16 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2012.08.22 02:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\DVDVideoSoft
[2013.05.16 02:01:20 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\eIntaller
[2012.12.02 22:53:28 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Epson
[2013.01.17 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\FreemakeVideoDownloader
[2012.09.02 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Freemium
[2012.10.21 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Leadertech
[2012.08.06 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\LolClient
[2013.05.16 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Media Finder
[2012.11.10 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.08.22 02:41:02 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\mp3DirectCut
[2012.10.08 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Notepad++
[2012.08.26 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\OpenOffice.org
[2013.04.24 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2012.09.24 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\runic games
[2012.11.14 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Samsung
[2013.02.02 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Silver Style Entertainment
[2012.09.11 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Soldat
[2012.08.09 15:33:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TagScanner
[2013.05.15 22:28:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TS3Client
[2012.09.03 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Ubisoft

========== Purity Check ==========
< End of report >
|
gmer: is in the attachment
Thanks for your help, and regards,
Mr. Opfer |