| |
| |||||||
Log-Analyse und Auswertung: Viren auf Diskstation und PC - Adware.GamePlayLabs und weitereWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.05.2013, 19:36
| #1 |
| |  Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hallo, ich habe vor kurzem einen Scanner auf meiner synology DJ212 installiert, der gleich 21 Viren gefunden hatte. Diese habe ich gleich gelöscht, ich lasse aber gerade nochmal eine externe usb-Platte auf die ich backups der synology gemacht habe, scannen. Auf meinem PC habe ich mit Malwarebytes auch einiges gefunden. Hier die logfiles, zuerst dass der Diskstation Code:
ATTFilter ID Category Module Event Date
1 info scanner Custom Scan Started 2013-05-22 20:26:26
2 info updater Already Up to Date 2013-05-22 20:26:25
3 info updater Update Started 2013-05-22 20:24:21
4 info scanner Report: 0 file(s) are scanned, 0 infected file(s) found. All infected files are handled. 2013-05-22 20:23:55
5 warning updater Update Terminated 2013-05-22 20:23:55
6 info scanner Task Terminated 2013-05-22 20:23:54
7 info updater Update Started 2013-05-22 20:23:42
8 info scanner Report: 12853 file(s) are scanned, 0 infected file(s) found. All infected files are handled. 2013-05-22 20:23:36
9 warning updater Update Terminated 2013-05-22 20:23:36
10 info scanner Task Terminated 2013-05-22 20:23:36
11 info updater Update Started 2013-05-22 20:22:00
12 info scanner Report: 12853 file(s) are scanned, 0 infected file(s) found. All infected files are handled. 2013-05-22 12:32:23
13 info scanner System Scan Completed 2013-05-22 12:32:23
14 info scanner System Scan Started 2013-05-22 12:20:54
15 info updater Already Up to Date 2013-05-22 12:20:54
16 info updater Update Started 2013-05-22 12:19:05
17 info scanner Report: 610210 file(s) are scanned, 16 infected file(s) found. All infected files are handled. 2013-05-22 12:06:21
18 info scanner Full Scan Completed 2013-05-22 12:06:20
19 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Program Files (x86)/Spybot - Search & Destroy/advcheck.dll
2013-05-22 09:30:17
20 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Users/Jens/Downloads/FLVPlayerSetup.exe is moved to Quarantine. 2013-05-22 08:04:10
21 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Users/Jens/Downloads/FLVPlayerSetup.exe : W32.Adware.InstallCore-1 FOUND
2013-05-22 08:04:09
22 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Users/Jens/Downloads/vlc-2.0.5-win32.exe.part
2013-05-22 07:39:24
23 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/SysWOW64/taskeng.exe is moved to Quarantine. 2013-05-22 04:57:41
24 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/SysWOW64/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-22 04:57:40
25 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/System32/taskeng.exe is moved to Quarantine. 2013-05-22 04:10:10
26 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/System32/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-22 04:10:09
27 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/Backup/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_ndproxy.sys_4a9480d5 is moved to Quarantine. 2013-05-22 03:44:45
28 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/Backup/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_ndproxy.sys_4a9480d5 : Win.Trojan.Zbot-16275 FOUND
2013-05-22 03:44:44
29 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a/ndproxy.sys is moved to Quarantine. 2013-05-22 02:05:22
30 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a/ndproxy.sys : Win.Trojan.Zbot-16275 FOUND
2013-05-22 02:05:21
31 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24/rdpdr.sys is moved to Quarantine. 2013-05-22 01:45:09
32 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24/rdpdr.sys : Win.Trojan.Zbot-16284 FOUND
2013-05-22 01:45:08
33 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3/iexplore.exe is moved to Quarantine. 2013-05-22 01:01:50
34 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3/iexplore.exe : Win.Trojan.Bamital-996 FOUND
2013-05-22 01:01:49
35 info scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662/taskeng.exe is moved to Quarantine. 2013-05-21 23:42:04
36 detected scanner /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEC/Windows/winsxs/x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-21 23:42:03
37 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/20130427_191925/DRIVEH/Users/Jens/Documents/vlc-1.1.10-win32.exe
2013-05-21 16:19:50
38 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Program Files (x86)/Spybot - Search & Destroy/advcheck.dll
2013-05-21 11:12:20
39 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Users/Jens/Documents/vlc-1.1.10-win32.exe
2013-05-21 08:18:26
40 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Users/Jens/Downloads/FLVPlayerSetup.exe is moved to Quarantine. 2013-05-21 08:10:55
41 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Users/Jens/Downloads/FLVPlayerSetup.exe : W32.Adware.InstallCore-1 FOUND
2013-05-21 08:10:54
42 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Users/Jens/Downloads/vlc-2.0.5-win32.exe.part
2013-05-21 07:45:59
43 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/SysWOW64/taskeng.exe is moved to Quarantine. 2013-05-21 04:55:43
44 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/SysWOW64/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-21 04:55:42
45 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/System32/taskeng.exe is moved to Quarantine. 2013-05-21 04:07:11
46 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/System32/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-21 04:07:10
47 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/Backup/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_ndproxy.sys_4a9480d5 is moved to Quarantine. 2013-05-21 03:41:42
48 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/Backup/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_ndproxy.sys_4a9480d5 : Win.Trojan.Zbot-16275 FOUND
2013-05-21 03:41:41
49 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a/ndproxy.sys is moved to Quarantine. 2013-05-21 02:01:48
50 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a/ndproxy.sys : Win.Trojan.Zbot-16275 FOUND
2013-05-21 02:01:47
51 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24/rdpdr.sys is moved to Quarantine. 2013-05-21 01:41:31
52 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24/rdpdr.sys : Win.Trojan.Zbot-16284 FOUND
2013-05-21 01:41:30
53 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3/iexplore.exe is moved to Quarantine. 2013-05-21 00:58:18
54 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3/iexplore.exe : Win.Trojan.Bamital-996 FOUND
2013-05-21 00:58:17
55 info scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662/taskeng.exe is moved to Quarantine. 2013-05-20 23:38:31
56 detected scanner /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEC/Windows/winsxs/x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662/taskeng.exe : Win.Trojan.Agent-351251 FOUND
2013-05-20 23:38:30
57 warning scanner WARNING: failed to scan /volume1/Backup/DR-JENS-PC-Jens/latest/DRIVEH/Users/Jens/Documents/vlc-1.1.10-win32.exe
2013-05-20 14:51:35
58 info scanner Full Scan Started 2013-05-20 11:02:14
59 info updater Already Up to Date 2013-05-20 11:02:14
60 info updater Update Started 2013-05-20 10:56:58
61 info updater AntiVirus Essential installation complete 2013-05-20 10:56:36
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.22.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Jens :: JENS-PC [Administrator] 22.05.2013 12:09:09 MBAM-log-2013-05-22 (12-45-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|N:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 462247 Laufzeit: 35 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Users\Jens\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Users\Jens\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt. Infizierte Dateien: 12 C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Users\Jens\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 22.05.2013 12:50:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 31,51% Memory free 7,99 Gb Paging File | 4,86 Gb Available in Paging File | 60,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 31,53 Gb Free Space | 28,23% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 84,74 Mb Free Space | 84,75% Space Free | Partition Type: NTFS Drive E: | 74,43 Gb Total Space | 16,67 Gb Free Space | 22,40% Space Free | Partition Type: NTFS Drive G: | 313,74 Mb Total Space | 286,33 Mb Free Space | 91,26% Space Free | Partition Type: NTFS Drive H: | 232,58 Gb Total Space | 6,20 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Drive N: | 931,51 Gb Total Space | 904,59 Gb Free Space | 97,11% Space Free | Partition Type: NTFS Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe () PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe () MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll () MOD - C:\Program Files (x86)\Synology\Assistant\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\imageformats\qtiff4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\QtGui4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\QtNetwork4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\QtCore4.dll () MOD - C:\Program Files (x86)\Synology\Assistant\qwt5.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe (SiSoftware) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Rockusb) -- C:\Windows\SysNative\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd) DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd) DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (STTub30) -- C:\Windows\SysNative\drivers\STTub30.sys (STMicroelectronics) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.) DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys () DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7C CF 96 38 E3 CC 01 [binary data] IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox|hxxp://www.mydealz.de/|hxxp://www.vuplus-support.org/wbb2/thread.php?postid=508645#post508645" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.21 16:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 11:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Extensions [2013.05.09 15:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Firefox\Profiles\efth8e1i.default\extensions [2012.09.19 18:41:31 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\efth8e1i.default\extensions\testpilot@labs.mozilla.com.xpi [2013.05.09 15:32:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\efth8e1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.18 14:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.18 14:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.05.18 14:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 14:38:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.18 14:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\distribution\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: YouTube = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Calendar Checker = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\ CHR - Extension: Google Mail = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83BBF126-0371-4C24-A0FA-4AD245685A4E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.03.23 21:08:27 | 000,005,080 | ---- | M] () - C:\autotimerwizard.xml -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 12:47:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe [2013.05.22 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Malwarebytes [2013.05.22 11:03:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.18 14:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.15 22:00:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 22:00:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 22:00:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 22:00:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 22:00:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 22:00:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 22:00:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 22:00:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 22:00:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 22:00:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 22:00:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 22:00:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 22:00:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 22:00:09 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 22:00:08 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 14:42:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 14:42:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 14:42:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 14:42:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 14:42:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 14:42:21 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 14:42:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 21:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.13 21:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.04.29 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.25 21:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS Photo Tagger [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.22 12:47:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe [2013.05.22 12:28:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 12:19:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 11:03:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.22 08:20:01 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 08:20:01 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 08:17:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.22 08:17:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.22 08:17:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.22 08:17:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.22 08:17:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 08:12:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 08:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 08:11:50 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 22:23:33 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.21 22:23:33 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.21 22:23:33 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.21 22:23:33 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.21 22:23:33 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.21 22:23:22 | 004,931,577 | ---- | M] () -- C:\Windows\{00000004-00000000-00000006-00001102-00000004-20021102}.CDF [2013.05.21 22:23:22 | 004,931,577 | ---- | M] () -- C:\Windows\{00000004-00000000-00000006-00001102-00000004-20021102}.BAK [2013.05.21 19:25:44 | 000,000,221 | ---- | M] () -- C:\Users\Jens\Desktop\Metro Last Light.url [2013.05.21 16:44:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.05.16 06:01:12 | 000,378,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 19:19:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:19:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.13 21:47:52 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.04.29 17:38:28 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\DJI NAZA Assistant 1.8.lnk [2013.04.29 16:53:58 | 000,019,019 | ---- | M] () -- H:\Users\Jens\Documents\vu+ solo 2 hm-sat.pdf [2013.04.28 13:52:44 | 000,002,002 | ---- | M] () -- H:\Users\Jens\Documents\Untersuchungen (JENS-PC) - Verknüpfung.lnk [2013.04.25 21:48:59 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.22 11:03:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 20:51:11 | 004,931,577 | ---- | C] () -- C:\Windows\{00000004-00000000-00000006-00001102-00000004-20021102}.BAK [2013.05.21 19:25:44 | 000,000,221 | ---- | C] () -- C:\Users\Jens\Desktop\Metro Last Light.url [2013.05.13 21:47:52 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.29 17:38:28 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\DJI NAZA Assistant 1.8.lnk [2013.04.29 16:53:58 | 000,019,019 | ---- | C] () -- H:\Users\Jens\Documents\vu+ solo 2 hm-sat.pdf [2013.04.28 13:52:44 | 000,002,002 | ---- | C] () -- H:\Users\Jens\Documents\Untersuchungen (JENS-PC) - Verknüpfung.lnk [2013.04.25 21:48:59 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk [2013.03.30 18:39:31 | 000,002,773 | ---- | C] () -- C:\Users\Jens\AppData\Local\recently-used.xbel [2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.28 22:02:47 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.28 22:02:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.02 15:39:21 | 012,845,056 | ---- | C] () -- C:\Users\Jens\AppData\Roaming\Sandra.mdb [2012.11.29 22:09:32 | 000,002,629 | ---- | C] () -- C:\Users\Jens\BT747SettingsJ2SE.pdb [2012.09.01 22:24:24 | 000,003,584 | ---- | C] () -- C:\Users\Jens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.10 08:37:18 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini [2012.02.23 18:36:41 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.02.23 18:36:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.01.31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 12:50:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 31,51% Memory free
7,99 Gb Paging File | 4,86 Gb Available in Paging File | 60,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 31,53 Gb Free Space | 28,23% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 84,74 Mb Free Space | 84,75% Space Free | Partition Type: NTFS
Drive E: | 74,43 Gb Total Space | 16,67 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive G: | 313,74 Mb Total Space | 286,33 Mb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive H: | 232,58 Gb Total Space | 6,20 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 904,59 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B36FA2B-BC6B-490D-A5C8-8E4FB6B6041E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1573E602-EA65-48C2-B32B-49E7B1309AF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{213AE6A6-C0A4-4E3C-A191-5CA3D4C57BF0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\rpcagentsrv.exe |
"{2E3A6424-4FD2-426C-82F1-468730DB8F8B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FAC05F5-1A68-4980-9E4D-0F17E260AE34}" = lport=445 | protocol=6 | dir=in | app=system |
"{42B0F7C8-E572-4702-B303-EDAF22FE14C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48B716CF-A4D4-45EF-B3FB-66A3AD0CAA11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5656BABA-0371-42E0-95CD-D8455B0B6319}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60C1DD82-CB34-4A13-927E-3C4F794540A7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{738DBEFB-497E-49BC-8C0F-73284DC7A146}" = rport=139 | protocol=6 | dir=out | app=system |
"{75152FA1-A393-4968-9887-648C8F5C5D44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8923B108-9521-46EA-954D-3A3438CB79DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D886FA3-9DA0-4853-9683-039BCFB6F025}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EAA3C1F-8D38-402B-AA23-8EDDE5B1359C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\wnt500x64\rpcsandrasrv.exe |
"{90429FD3-D8D5-47C0-99A2-F543D43DBE8A}" = lport=138 | protocol=17 | dir=in | app=system |
"{99E4E47E-73DD-4B79-8688-EC11D7D0AA5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C83DA80-FF1E-4589-8181-C8FA8D79F61C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E75DED2-F4C6-466F-A868-9A5CDB9EC88A}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA4A7D68-5AC5-4FC4-AF98-B71C3B2595C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B031A7FD-82DD-4676-937D-8007D1433D3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1D5592F-B9EB-4BBF-B1DD-224FFB1EB5DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D78DCEF7-C200-4F94-A5B1-354FB765237D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8641F74-DD32-47D8-906B-7293D2D29CB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC44F490-5A5F-47E2-9975-E22CBBE13345}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E809AAF6-7AFA-4DF3-B247-D2A56CD5C904}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A4D1F-0359-4911-937D-6859EB86D722}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe |
"{02C387BE-DFB8-4282-A863-DC5D104D40B5}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{048CFCE9-1484-4279-BCEC-B3F91731BB92}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{08862090-B066-4E63-8B24-39888598F76D}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{08876D50-D5BA-4852-92DF-3431416610A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09E4FB4A-50F2-44E5-827E-F740316EC383}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{0A1F2169-9593-436F-B224-76E5A14BC165}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1027013B-9F8A-491A-ACB1-9ACB44035FA1}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{1145B551-9533-4D4B-A276-ED348B43FEE3}" = protocol=6 | dir=in | app=n:\spiele\crysis 3\bin32\crysis3.exe |
"{13A51CD5-4E95-4347-9607-86B28BEB8B1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{164BF662-CA5B-4976-B119-8987C80E17F1}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{1688EA80-B26C-4871-B3B7-D4626C372BF5}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{19571FE4-BBD8-4DC1-B201-881E5A089BE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8724D7-FD67-41D6-8844-0022AD9565A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1FAC0B24-C5F9-4932-9098-911E15C4E185}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{20FA70A3-CDDD-41AA-B111-C93F40BD5791}" = protocol=17 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |
"{2DBB31ED-4D9A-47FC-9B34-4C1B7BA0B6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{35FA2620-E323-4A70-BC2A-FC4F730B03B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B2C620E-2BDA-41AF-B7E8-BF9E0F1A63AE}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\miasmata\miasmata.exe |
"{3BA34712-5C1F-4BA4-A7EB-29F25A9237C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{461B0C57-A652-47C5-9A97-18B863A80BCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AC4E376-2708-4C0E-A38F-B9DA846CF7E0}" = protocol=6 | dir=out | app=system |
"{4CF8D231-086E-4400-B2DF-27334E21D1A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4D1AE4F7-1BA1-4AF6-8D29-17B1463DAAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{4D8775C4-91E0-4C7F-AD35-F93247AB2C35}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{57977513-4E6B-4CC9-9F73-7516D9B5F802}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5B5B57FE-9563-4382-A1A7-3BDC8A829A40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5BE661B4-2D8E-4ADB-B9B6-748F05A81C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E567244-C76B-4B32-BA63-324FDF6CB1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6624AEE4-D9D1-4CD2-B079-952F8B33AD24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66DB3FB2-31F4-4BB8-80FA-BCEE304764C2}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{70CCFA59-4400-4AA4-8771-8066866F3089}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{721FBF23-E29B-4961-9C7F-1F21BCEB779F}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{74BCD9DC-3867-4F81-88C3-72B9CD33799C}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{7717C52B-A539-40AE-90B3-7C10D67F7DA6}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe |
"{7C288E2B-764A-4F95-8B9A-8B613B5466FC}" = protocol=6 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |
"{7C8CDD56-E5D8-4EFF-BFD7-35782855553E}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{7FA8B09F-4487-4A2B-BCCA-4BF0986F6B47}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{8320BE4B-C650-4187-BA2F-0BCA6442C6B5}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3updater.exe |
"{8C44DB2D-2E61-4628-A41C-038AC3B5CF71}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{8EED2ED9-065B-4A9C-9601-C81E22D9FB97}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{8FEBE5BF-A515-4918-8C07-0F25CF3F15AE}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{97366C65-B9EB-4EA1-AB3C-FAD079E8F096}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9A032EF2-6F4F-45B9-9B06-EE6185907386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AF9DF03-9939-41FF-BC26-85371C2223ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D01BEBE-BE9E-43FC-B35A-A08355B9C521}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{9F387930-DBF3-48D4-BED8-1168E10C09BC}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3.exe |
"{A1A4EFDE-5D32-4A12-813E-B206A496BF30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACABBF42-BAF3-49A9-8D3A-92DBC829492C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AE145EAB-9F3B-4805-89B0-DB6E0001AD1D}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{B267863D-B9A9-4CB6-B9A9-88B2ABD657CE}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3updater.exe |
"{B2BDC465-D987-4B9A-AC5A-F0B34D726320}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3.exe |
"{B42E7B13-51A5-4FB1-9AAC-B6BEA9EA6FFE}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{B5EBA51B-A505-4E7D-BF2C-23B84808AD5E}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3editor.exe |
"{B7DF1F89-407E-43CB-85BA-3A0DC487FB19}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{B8ED00BF-188E-4F25-A205-3A8887548DF4}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{BD35CF4B-62BB-4A0B-A978-F7E6F7B8A8D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BE299406-E50A-44E7-9F84-EB591080DAE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BF6B5C9A-7584-4073-8D14-C23374AE5700}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{C08F5F49-D960-49B9-8332-F508E59A9866}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{C0A0E741-F5FA-4C03-A542-FBF804D11563}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C2DB7FB5-0F38-4F7D-8878-0D741DC883CE}" = protocol=6 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{CF7E59DB-3F85-462D-9F18-4E14A69E7E28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D32A1E97-1071-46E9-8653-767F2126E2A1}" = protocol=17 | dir=in | app=n:\spiele\crysis 3\bin32\crysis3.exe |
"{D3F0F9B6-80BB-4B3D-97F0-7507042AAEA3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D5D8A2C3-9CF7-4E8D-B578-4827F75F8471}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{D5FCECBF-A3B4-475E-BB1B-5E0840ABD81B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D60A192D-39A3-4B1D-BE20-02B581227374}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{D8260569-4FAF-4A49-8CBB-D3BF85F08606}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D9BC175B-BE6B-4ADF-BAB1-C5176C57AD81}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\miasmata\miasmata.exe |
"{DB959704-4FED-4A81-8CFA-70E6F029A433}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{DC3B9169-8699-4DCE-8F25-98B300C6CB64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD2AD6AB-DAC4-4A81-9E2F-CFBF89E149E0}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{E0147F77-E43A-4CAC-9577-3C1BA7806E27}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{E3AAA5EE-24DD-4E97-A8D6-0510A4362E49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E58B5E5B-7D76-4D61-BB14-0355ED638A8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E787122F-4248-4736-A025-53BA3D590679}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{E9032162-32EB-4A78-AC0D-3D03739493A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9A8FD1E-A343-4F2C-946E-72A16DC32837}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{EC03D065-0AF4-43B9-AC9D-B16E0463EE45}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{F5697578-0A09-42A9-B44C-B312AF788E69}" = protocol=17 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{F9F1BD55-1328-4035-96B6-C59983C6629C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FBC44A0B-3C93-40AF-8903-481E9A1FD3A6}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{FE2C8440-F6CD-454A-9F35-1D56AB185980}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3editor.exe |
"TCP Query User{09F55BEA-88EA-4390-8780-7C042E7249B5}H:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{6371AA31-FF21-4990-B7F6-294ED07D6652}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{85509223-113D-46F6-8190-F3B8412CD22C}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{DB92152B-74D9-47CD-8445-7EFBBF5A9CE1}H:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{E4C78537-7B48-4B1F-BDE2-563FD29A7D22}C:\program files (x86)\synology data replicator 3\backup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology data replicator 3\backup.exe |
"TCP Query User{E98F6458-E9C5-4B15-881F-DD45E0894C05}C:\users\jens\documents\dsassistant_2216\win\dsassistant.exe" = protocol=6 | dir=in | app=c:\users\jens\documents\dsassistant_2216\win\dsassistant.exe |
"TCP Query User{E99D594A-DB89-4706-A784-0665AAA3683F}C:\program files (x86)\gpsphototagger\gpsphototagger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gpsphototagger\gpsphototagger.exe |
"UDP Query User{17B63B74-BD52-4396-B700-11654864FA2F}H:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{3CED2C1E-9920-4D60-9FE8-220F63B80014}C:\program files (x86)\gpsphototagger\gpsphototagger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gpsphototagger\gpsphototagger.exe |
"UDP Query User{7009E801-7207-4FAD-AF0A-8B1F7CEA5983}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{AA69E96F-6C99-4B08-9DBA-C67E03517CD3}C:\users\jens\documents\dsassistant_2216\win\dsassistant.exe" = protocol=17 | dir=in | app=c:\users\jens\documents\dsassistant_2216\win\dsassistant.exe |
"UDP Query User{D1ED6FAD-CF84-44AB-83D0-A82528ADE2A1}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{D667445F-97B7-4C88-B86F-E1A72D4C2D95}H:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{ECA479DD-EAEE-4BC2-A690-5065D8059FAB}C:\program files (x86)\synology data replicator 3\backup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology data replicator 3\backup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6B7B47D7-B73B-473A-B432-A1E8C056D349}_is1" = devention Upgrade Tools version 1.4
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{18E01E96-4996-4157-B1D0-86E052AA0E9D}_is1" = DJI NAZA Assistant version 1.6
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.3
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FC5FA2A-1D40-41B9-920B-0F2A758E24A6}" = MAGIX Speed burnR (MSI)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B1FEBE01-42BB-4D05-8180-6C5ABD91E97E}" = MAGIX Screenshare
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E361CF5C-F450-4A81-B831-F9BA67A1DC15}_is1" = DJI NAZA Assistant version 1.8
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCS" = Creative-Audiokonsole
"avast" = avast! Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"com.amazon.music.uploader" = Amazon Music Importer
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Google Chrome" = Google Chrome
"GPS Photo Tagger_TSI" = GPS Photo Tagger V1.2.4
"I Want This" = I Want This
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 107100" = Bastion
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 202170" = Sleeping Dogs™
"Steam App 223510" = Miasmata
"Steam App 26800" = Braid
"Steam App 3830" = Psychonauts
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 44320" = DiRT 3
"Steam App 48000" = LIMBO
"Steam App 50130" = Mafia II
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Sweepi_is1" = Sweepi 5.4.00
"Synology Assistant" = Synology Assistant (remove only)
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"WaveStudio 7" = Creative WaveStudio 7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.05.2013 03:41:22 | Computer Name = Jens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\devention
upgrade tools\Driver\dpinst_ia64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.05.2013 12:16:15 | Computer Name = Jens-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 18.05.2013 13:31:21 | Computer Name = Jens-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.05.2013 04:23:26 | Computer Name = Jens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\devention
upgrade tools\Driver\dpinst_ia64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.05.2013 07:30:33 | Computer Name = Jens-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.05.2013 08:43:18 | Computer Name = Jens-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.05.2013 03:10:21 | Computer Name = Jens-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.05.2013 14:07:33 | Computer Name = Jens-PC | Source = Application Hang | ID = 1002
Description = Programm VUCC.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e90 Startzeit:
01ce553de20f539a Endzeit: 5 Anwendungspfad: C:\Users\Jens\Downloads\VuCC_V0.5\VUCC.exe
Berichts-ID:
228909d0-c178-11e2-9b54-00241dd46d4d
Error - 21.05.2013 12:38:44 | Computer Name = Jens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\devention
upgrade tools\Driver\dpinst_ia64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.05.2013 03:24:43 | Computer Name = Jens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\devention
upgrade tools\Driver\dpinst_ia64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 21.05.2013 00:29:43 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.05.2013 00:29:43 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.05.2013 10:44:13 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.05.2013 10:44:13 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.05.2013 14:54:49 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.05.2013 14:54:49 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.05.2013 15:53:58 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.05.2013 15:53:58 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 22.05.2013 02:14:01 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 22.05.2013 02:14:01 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Meine konkreten Fragen: Auf der Diskstation liegen alle Fotos und wichtige Dokumente von mir. Ist es richtig, dass Viren es hier wegen des Linux-Betriebssystems nicht so einfach haben? Kann ich die Fotos und Dokumente einfach auf eine jungfräuliche externe Platte sichern um die Diskstation neu aufzusetzen? Oder reicht es die Virenfunde einfach zu löschen und die Diskstation nicht neu aufzusetzen? Den PC würde ich dann auch einfach formatieren, es sei denn die Viren lassen sich halbwegs gut entfernen. Vielleicht mag ja mal jemand darüber schauen. Vielen Dank und Gruß Jens Geändert von scottsch (22.05.2013 um 19:57 Uhr) |
|
22.05.2013, 21:06
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hallo und
__________________ Zitat:
Bevor du gleich voreilig mit der Neuinstallation anfängst, ich hab den Eindruck, es könnte sich hier wahrscheinlich um Fehlalarme handeln. Malwarebytes hat übrigens nur harmlose aber nervige Adware gefunden.
__________________ |
|
23.05.2013, 16:37
| #3 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hallo,
__________________Danke für Deine schnelle Antwort! Der Scanner auf der Diskstation heisst Antivirus Essential. Der nochmalige Scan läuft immer noch und braucht wohl noch einen Tag ca. Die Diskstation ist leider nicht die Schnellste. Ich poste dann das Logfile. Ist es denn richtig, dass die Viren auf der Diskstation (u. a. ZBOT) selbst nichts anrichten können, reicht es sie durch Antivirus Essential zu löschen oder muss ich befürchten, wenn ich mal ein backup zurückspiele, dass der PC Schaden nimmt? Kann man die Diskstation auch vom PC aus mit Malwarebytes prüfen? Wie kann ich den harmlosen Trojaner auf meinem PC am Besten löschen? soviele Fragen, sorry  Viele Grüße Jens |
|
23.05.2013, 21:11
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere 1. müsste auf dem NAS Windows laufen, damit die Schdälinge überhaupt greifen, 2. müsste das Betriebssystem auf dem NAS selbst Schädlinge ausführen....beides ist imho nicht gegeben, du arbeitest von deinem Windows-Client aus und nimmst nur die Netzwerkdienste des NAS in Anspruch Das Netzlaufwerk, das auf deinem NAS zeigt ist doch Laufwerk N? Wenn ja, das hast du schon mit MBAM geprüft, steht doch im Vollscanbericht welche Laufwerke alles gescannt wurden.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.05.2013, 21:26
| #5 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere OK, dann mach ich mir um das NAS gar keine Sorgen mehr. N ist allerdings nur eine Festplatte im PC. Die NAS het keinen eigenen Netzwerkbuchstaben. Wie kann ich die harmlosen Trojaner auf dem PC am besten entfernen? |
|
23.05.2013, 21:54
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere |
|
25.05.2013, 20:14
| #7 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hallo, hier kommen die Logfiles: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jens on 25.05.2013 at 20:44:53,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\i want this
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.fbapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.fbapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\crossriderapp0002258.sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022222258}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33333333-3333-3333-3333-330033223358}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022222258}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{33333333-3333-3333-3333-330033223358}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Jens\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Jens\appdata\local\i want this"
Successfully deleted: [Folder] "C:\Program Files (x86)\i want this"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Emptied folder: C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\efth8e1i.default\minidumps [227 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2013 at 20:48:03,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 25/05/2013 um 20:52:18 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jens - JENS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jens\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\efth8e1i.default\prefs.js
Gelöscht : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox|hxxp://www.myd[...]
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2552 octets] - [25/05/2013 20:52:18]
########## EOF - C:\AdwCleaner[S1].txt - [2612 octets] ##########
Code:
ATTFilter OTL logfile created on: 25.05.2013 21:05:15 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,95% Memory free 7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 30,85 Gb Free Space | 27,62% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 84,74 Mb Free Space | 84,75% Space Free | Partition Type: NTFS Drive E: | 74,43 Gb Total Space | 16,67 Gb Free Space | 22,40% Space Free | Partition Type: NTFS Drive G: | 313,74 Mb Total Space | 286,33 Mb Free Space | 91,26% Space Free | Partition Type: NTFS Drive H: | 232,58 Gb Total Space | 36,96 Gb Free Space | 15,89% Space Free | Partition Type: NTFS Drive N: | 931,51 Gb Total Space | 904,59 Gb Free Space | 97,11% Space Free | Partition Type: NTFS Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe (SiSoftware) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Rockusb) -- C:\Windows\SysNative\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd) DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd) DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (STTub30) -- C:\Windows\SysNative\drivers\STTub30.sys (STMicroelectronics) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.) DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys () DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7C CF 96 38 E3 CC 01 [binary data] IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.21 16:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 11:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Extensions [2013.05.09 15:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Firefox\Profiles\efth8e1i.default\extensions [2012.09.19 18:41:31 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\efth8e1i.default\extensions\testpilot@labs.mozilla.com.xpi [2013.05.09 15:32:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\firefox\profiles\efth8e1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 17:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.24 17:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.05.24 17:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 17:18:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.24 17:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\distribution\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: YouTube = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Calendar Checker = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\ CHR - Extension: Google Mail = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83BBF126-0371-4C24-A0FA-4AD245685A4E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.03.23 21:08:27 | 000,005,080 | ---- | M] () - C:\autotimerwizard.xml -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.25 20:44:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.25 20:44:48 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.25 20:44:03 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jens\Desktop\JRT.exe [2013.05.24 23:19:15 | 000,000,000 | ---D | C] -- H:\Users\Jens\Documents\Remedy [2013.05.24 17:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 12:47:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe [2013.05.22 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Malwarebytes [2013.05.22 11:03:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.22 11:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.15 22:00:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 22:00:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 22:00:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 22:00:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 22:00:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 22:00:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 22:00:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 22:00:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 22:00:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 22:00:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 22:00:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 22:00:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 22:00:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 22:00:09 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 22:00:08 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 14:42:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 14:42:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 14:42:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 14:42:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 14:42:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 14:42:21 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 14:42:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 21:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.13 21:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.04.29 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.25 21:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS Photo Tagger [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.25 21:01:44 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.25 21:01:44 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.25 21:00:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.25 21:00:34 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.25 21:00:34 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.25 21:00:34 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.25 21:00:34 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.25 20:54:43 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.25 20:54:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.25 20:54:34 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys [2013.05.25 20:53:16 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.25 20:53:16 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.25 20:53:16 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.25 20:53:16 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.25 20:53:16 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000006-00001102-00000004-20021102}.rfx [2013.05.25 20:44:06 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jens\Desktop\JRT.exe [2013.05.25 20:28:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.25 20:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.24 21:54:37 | 000,000,222 | ---- | M] () -- C:\Users\Jens\Desktop\Tomb Raider.url [2013.05.23 17:43:03 | 000,000,222 | ---- | M] () -- C:\Users\Jens\Desktop\Alan Wake.url [2013.05.23 17:26:21 | 000,000,222 | ---- | M] () -- C:\Users\Jens\Desktop\Alan Wake's American Nightmare.url [2013.05.22 21:36:29 | 004,931,577 | ---- | M] () -- C:\Windows\{00000004-00000000-00000006-00001102-00000004-20021102}.CDF [2013.05.22 12:53:09 | 000,632,031 | ---- | M] () -- C:\Users\Jens\Desktop\adwcleaner.exe [2013.05.22 12:47:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe [2013.05.22 11:03:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 19:25:44 | 000,000,221 | ---- | M] () -- C:\Users\Jens\Desktop\Metro Last Light.url [2013.05.21 16:44:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.05.16 06:01:12 | 000,378,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 19:19:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:19:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.13 21:47:52 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.04.29 17:38:28 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\DJI NAZA Assistant 1.8.lnk [2013.04.29 16:53:58 | 000,019,019 | ---- | M] () -- H:\Users\Jens\Documents\vu+ solo 2 hm-sat.pdf [2013.04.28 13:52:44 | 000,002,002 | ---- | M] () -- H:\Users\Jens\Documents\Untersuchungen (JENS-PC) - Verknüpfung.lnk [2013.04.25 21:48:59 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.24 21:54:37 | 000,000,222 | ---- | C] () -- C:\Users\Jens\Desktop\Tomb Raider.url [2013.05.23 17:43:03 | 000,000,222 | ---- | C] () -- C:\Users\Jens\Desktop\Alan Wake.url [2013.05.23 17:26:21 | 000,000,222 | ---- | C] () -- C:\Users\Jens\Desktop\Alan Wake's American Nightmare.url [2013.05.22 12:53:04 | 000,632,031 | ---- | C] () -- C:\Users\Jens\Desktop\adwcleaner.exe [2013.05.22 11:03:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 19:25:44 | 000,000,221 | ---- | C] () -- C:\Users\Jens\Desktop\Metro Last Light.url [2013.05.13 21:47:52 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.29 17:38:28 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\DJI NAZA Assistant 1.8.lnk [2013.04.29 16:53:58 | 000,019,019 | ---- | C] () -- H:\Users\Jens\Documents\vu+ solo 2 hm-sat.pdf [2013.04.28 13:52:44 | 000,002,002 | ---- | C] () -- H:\Users\Jens\Documents\Untersuchungen (JENS-PC) - Verknüpfung.lnk [2013.04.25 21:48:59 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk [2013.03.30 18:39:31 | 000,002,773 | ---- | C] () -- C:\Users\Jens\AppData\Local\recently-used.xbel [2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.28 22:02:47 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.28 22:02:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.02 15:39:21 | 012,845,056 | ---- | C] () -- C:\Users\Jens\AppData\Roaming\Sandra.mdb [2012.11.29 22:09:32 | 000,002,629 | ---- | C] () -- C:\Users\Jens\BT747SettingsJ2SE.pdb [2012.09.01 22:24:24 | 000,003,584 | ---- | C] () -- C:\Users\Jens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.10 08:37:18 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini [2012.02.23 18:36:41 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.02.23 18:36:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.01.31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.05.2013 21:05:16 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,95% Memory free
7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 30,85 Gb Free Space | 27,62% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 84,74 Mb Free Space | 84,75% Space Free | Partition Type: NTFS
Drive E: | 74,43 Gb Total Space | 16,67 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive G: | 313,74 Mb Total Space | 286,33 Mb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive H: | 232,58 Gb Total Space | 36,96 Gb Free Space | 15,89% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 904,59 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B36FA2B-BC6B-490D-A5C8-8E4FB6B6041E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1573E602-EA65-48C2-B32B-49E7B1309AF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{213AE6A6-C0A4-4E3C-A191-5CA3D4C57BF0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\rpcagentsrv.exe |
"{2E3A6424-4FD2-426C-82F1-468730DB8F8B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FAC05F5-1A68-4980-9E4D-0F17E260AE34}" = lport=445 | protocol=6 | dir=in | app=system |
"{42B0F7C8-E572-4702-B303-EDAF22FE14C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48B716CF-A4D4-45EF-B3FB-66A3AD0CAA11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5656BABA-0371-42E0-95CD-D8455B0B6319}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60C1DD82-CB34-4A13-927E-3C4F794540A7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{738DBEFB-497E-49BC-8C0F-73284DC7A146}" = rport=139 | protocol=6 | dir=out | app=system |
"{75152FA1-A393-4968-9887-648C8F5C5D44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8923B108-9521-46EA-954D-3A3438CB79DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D886FA3-9DA0-4853-9683-039BCFB6F025}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EAA3C1F-8D38-402B-AA23-8EDDE5B1359C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\wnt500x64\rpcsandrasrv.exe |
"{90429FD3-D8D5-47C0-99A2-F543D43DBE8A}" = lport=138 | protocol=17 | dir=in | app=system |
"{99E4E47E-73DD-4B79-8688-EC11D7D0AA5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C83DA80-FF1E-4589-8181-C8FA8D79F61C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E75DED2-F4C6-466F-A868-9A5CDB9EC88A}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA4A7D68-5AC5-4FC4-AF98-B71C3B2595C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B031A7FD-82DD-4676-937D-8007D1433D3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1D5592F-B9EB-4BBF-B1DD-224FFB1EB5DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D78DCEF7-C200-4F94-A5B1-354FB765237D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8641F74-DD32-47D8-906B-7293D2D29CB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC44F490-5A5F-47E2-9975-E22CBBE13345}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E809AAF6-7AFA-4DF3-B247-D2A56CD5C904}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A4D1F-0359-4911-937D-6859EB86D722}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe |
"{02C387BE-DFB8-4282-A863-DC5D104D40B5}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{048CFCE9-1484-4279-BCEC-B3F91731BB92}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{08862090-B066-4E63-8B24-39888598F76D}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{08876D50-D5BA-4852-92DF-3431416610A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A1F2169-9593-436F-B224-76E5A14BC165}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1145B551-9533-4D4B-A276-ED348B43FEE3}" = protocol=6 | dir=in | app=n:\spiele\crysis 3\bin32\crysis3.exe |
"{13A51CD5-4E95-4347-9607-86B28BEB8B1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1688EA80-B26C-4871-B3B7-D4626C372BF5}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{19571FE4-BBD8-4DC1-B201-881E5A089BE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8724D7-FD67-41D6-8844-0022AD9565A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1FAC0B24-C5F9-4932-9098-911E15C4E185}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{20FA70A3-CDDD-41AA-B111-C93F40BD5791}" = protocol=17 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |
"{2A1A8474-13C2-417B-824F-68A1F2DBD22E}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{2DBB31ED-4D9A-47FC-9B34-4C1B7BA0B6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{35FA2620-E323-4A70-BC2A-FC4F730B03B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BA34712-5C1F-4BA4-A7EB-29F25A9237C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CA188D1-1A79-4673-9BFF-C7C2667FFAAA}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{461B0C57-A652-47C5-9A97-18B863A80BCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AC4E376-2708-4C0E-A38F-B9DA846CF7E0}" = protocol=6 | dir=out | app=system |
"{4CF8D231-086E-4400-B2DF-27334E21D1A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4D1AE4F7-1BA1-4AF6-8D29-17B1463DAAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{57977513-4E6B-4CC9-9F73-7516D9B5F802}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5802C675-1E78-4706-85AF-3D350F612E36}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{5B5B57FE-9563-4382-A1A7-3BDC8A829A40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5BE661B4-2D8E-4ADB-B9B6-748F05A81C33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E567244-C76B-4B32-BA63-324FDF6CB1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6624AEE4-D9D1-4CD2-B079-952F8B33AD24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66DB3FB2-31F4-4BB8-80FA-BCEE304764C2}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{6E2ECB40-CF79-49BF-B049-469C839D873C}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{71212E05-3366-453D-87BD-AD3E4DC8A7B7}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{721FBF23-E29B-4961-9C7F-1F21BCEB779F}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{74BCD9DC-3867-4F81-88C3-72B9CD33799C}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{7717C52B-A539-40AE-90B3-7C10D67F7DA6}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe |
"{7C288E2B-764A-4F95-8B9A-8B613B5466FC}" = protocol=6 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |
"{7C8CDD56-E5D8-4EFF-BFD7-35782855553E}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{8320BE4B-C650-4187-BA2F-0BCA6442C6B5}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3updater.exe |
"{8C44DB2D-2E61-4628-A41C-038AC3B5CF71}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{8FEBE5BF-A515-4918-8C07-0F25CF3F15AE}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{97366C65-B9EB-4EA1-AB3C-FAD079E8F096}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9A032EF2-6F4F-45B9-9B06-EE6185907386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AF9DF03-9939-41FF-BC26-85371C2223ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D01BEBE-BE9E-43FC-B35A-A08355B9C521}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{9F387930-DBF3-48D4-BED8-1168E10C09BC}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3.exe |
"{9F4187B0-A882-4B9C-AF1E-C385FCA4EA28}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{A1A4EFDE-5D32-4A12-813E-B206A496BF30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACABBF42-BAF3-49A9-8D3A-92DBC829492C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AE625E34-0761-4CAE-8C35-C7E771FC8703}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{B267863D-B9A9-4CB6-B9A9-88B2ABD657CE}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3updater.exe |
"{B2BDC465-D987-4B9A-AC5A-F0B34D726320}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3.exe |
"{B5EBA51B-A505-4E7D-BF2C-23B84808AD5E}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3editor.exe |
"{B7DF1F89-407E-43CB-85BA-3A0DC487FB19}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{BD35CF4B-62BB-4A0B-A978-F7E6F7B8A8D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BE299406-E50A-44E7-9F84-EB591080DAE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BF6B5C9A-7584-4073-8D14-C23374AE5700}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{C08F5F49-D960-49B9-8332-F508E59A9866}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{C0A0E741-F5FA-4C03-A542-FBF804D11563}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C2DB7FB5-0F38-4F7D-8878-0D741DC883CE}" = protocol=6 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{CF7E59DB-3F85-462D-9F18-4E14A69E7E28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D32A1E97-1071-46E9-8653-767F2126E2A1}" = protocol=17 | dir=in | app=n:\spiele\crysis 3\bin32\crysis3.exe |
"{D3F0F9B6-80BB-4B3D-97F0-7507042AAEA3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D5FCECBF-A3B4-475E-BB1B-5E0840ABD81B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8260569-4FAF-4A49-8CBB-D3BF85F08606}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D84B7F00-37CD-46EA-8411-3A5C126426D3}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{DC3B9169-8699-4DCE-8F25-98B300C6CB64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD2AD6AB-DAC4-4A81-9E2F-CFBF89E149E0}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{E0147F77-E43A-4CAC-9577-3C1BA7806E27}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{E3AAA5EE-24DD-4E97-A8D6-0510A4362E49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E58B5E5B-7D76-4D61-BB14-0355ED638A8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9032162-32EB-4A78-AC0D-3D03739493A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9A8FD1E-A343-4F2C-946E-72A16DC32837}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{F5697578-0A09-42A9-B44C-B312AF788E69}" = protocol=17 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{F9F1BD55-1328-4035-96B6-C59983C6629C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FE2C8440-F6CD-454A-9F35-1D56AB185980}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3editor.exe |
"TCP Query User{09F55BEA-88EA-4390-8780-7C042E7249B5}H:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{6371AA31-FF21-4990-B7F6-294ED07D6652}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{85509223-113D-46F6-8190-F3B8412CD22C}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{DB92152B-74D9-47CD-8445-7EFBBF5A9CE1}H:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{E4C78537-7B48-4B1F-BDE2-563FD29A7D22}C:\program files (x86)\synology data replicator 3\backup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology data replicator 3\backup.exe |
"TCP Query User{E98F6458-E9C5-4B15-881F-DD45E0894C05}C:\users\jens\documents\dsassistant_2216\win\dsassistant.exe" = protocol=6 | dir=in | app=c:\users\jens\documents\dsassistant_2216\win\dsassistant.exe |
"TCP Query User{E99D594A-DB89-4706-A784-0665AAA3683F}C:\program files (x86)\gpsphototagger\gpsphototagger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gpsphototagger\gpsphototagger.exe |
"UDP Query User{17B63B74-BD52-4396-B700-11654864FA2F}H:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=h:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{3CED2C1E-9920-4D60-9FE8-220F63B80014}C:\program files (x86)\gpsphototagger\gpsphototagger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gpsphototagger\gpsphototagger.exe |
"UDP Query User{7009E801-7207-4FAD-AF0A-8B1F7CEA5983}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{AA69E96F-6C99-4B08-9DBA-C67E03517CD3}C:\users\jens\documents\dsassistant_2216\win\dsassistant.exe" = protocol=17 | dir=in | app=c:\users\jens\documents\dsassistant_2216\win\dsassistant.exe |
"UDP Query User{D1ED6FAD-CF84-44AB-83D0-A82528ADE2A1}H:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{D667445F-97B7-4C88-B86F-E1A72D4C2D95}H:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{ECA479DD-EAEE-4BC2-A690-5065D8059FAB}C:\program files (x86)\synology data replicator 3\backup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology data replicator 3\backup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6B7B47D7-B73B-473A-B432-A1E8C056D349}_is1" = devention Upgrade Tools version 1.4
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{18E01E96-4996-4157-B1D0-86E052AA0E9D}_is1" = DJI NAZA Assistant version 1.6
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.3
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FC5FA2A-1D40-41B9-920B-0F2A758E24A6}" = MAGIX Speed burnR (MSI)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B1FEBE01-42BB-4D05-8180-6C5ABD91E97E}" = MAGIX Screenshare
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E361CF5C-F450-4A81-B831-F9BA67A1DC15}_is1" = DJI NAZA Assistant version 1.8
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCS" = Creative-Audiokonsole
"avast" = avast! Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"com.amazon.music.uploader" = Amazon Music Importer
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Google Chrome" = Google Chrome
"GPS Photo Tagger_TSI" = GPS Photo Tagger V1.2.4
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 108710" = Alan Wake
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 203160" = Tomb Raider
"Steam App 40810" = Super Meat Boy Editor
"Steam App 43160" = Metro: Last Light
"Steam App 44320" = DiRT 3
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Sweepi_is1" = Sweepi 5.4.00
"Synology Assistant" = Synology Assistant (remove only)
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"WaveStudio 7" = Creative WaveStudio 7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 25.05.2013 14:56:41 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 25.05.2013 14:56:41 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
26.05.2013, 17:31
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 18:53
| #9 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hallo, ein paar sind noch da: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.27.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Jens :: JENS-PC [Administrator] 27.05.2013 14:57:15 MBAM-log-2013-05-27 (15-29-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|N:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 473709 Laufzeit: 31 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\Typelib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7657748201b8384aa761606db8840192
# engine=13925
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-27 02:54:02
# local_time=2013-05-27 04:54:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 504080 146376314 0 0
# compatibility_mode=5893 16776573 100 94 0 121296292 0 0
# scanned=233273
# found=0
# cleaned=0
# scan_time=4790
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7657748201b8384aa761606db8840192
# engine=13929
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-27 05:26:04
# local_time=2013-05-27 07:26:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 513202 146385436 0 0
# compatibility_mode=5893 16776573 100 94 0 121305414 0 0
# scanned=233277
# found=0
# cleaned=0
# scan_time=4841
|
|
27.05.2013, 21:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Da wurde nur Adware gefunden. Sollten wir entfernen, aber vorher mal schauen was noch für Reste davon auf diesen Rechner sind: Scan mit SystemLook (x64) Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 21:36
| #11 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitereCode:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 22:30 on 27/05/2013 by Jens
Administrator - Elevation successful
========== filefind ==========
Searching for "*conduit*"
No files found.
Searching for "*softonic*"
No files found.
Searching for "*quickstore*"
No files found.
Searching for "*yontoo*"
No files found.
Searching for "*FunMood*"
No files found.
Searching for "*tarma*"
No files found.
Searching for "*asktool*"
No files found.
Searching for "*GamePlayLab*"
No files found.
========== folderfind ==========
Searching for "*conduit*"
No folders found.
Searching for "*softonic*"
No folders found.
Searching for "*quickstore*"
No folders found.
Searching for "*yontoo*"
No folders found.
Searching for "*FunMood*"
No folders found.
Searching for "*tarma*"
No folders found.
Searching for "*asktool*"
No folders found.
Searching for "*GamePlayLab*"
No folders found.
========== regfind ==========
Searching for "*conduit*"
No data found.
Searching for "*softonic*"
No data found.
Searching for "*quickstore*"
No data found.
Searching for "*yontoo*"
No data found.
Searching for "*FunMood*"
No data found.
Searching for "*tarma*"
No data found.
Searching for "*asktool*"
No data found.
Searching for "*GamePlayLab*"
No data found.
Searching for " "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\Sweepi5.4.00_full_Setup_DE.exe"="Sweepi CleanUp Tool v5 "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\spybotsd162.exe"="Spybot - Search & Destroy "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{252D5D3D-83B6-4EA2-BEEB-9A7DC437E40F}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
<Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
<Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
<Descriptor descriptorID="{7231EA3A-1ACC-4bcd-9C3A-A60EA6888B6D}"/>
<Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
<Descriptor descriptorID="{B0DEC59B-3AC4-475e-90F7-242C2A60CA71}"/>
<Descriptor descriptorID="{762EFF14-8713-4649-884E-2E295E2651B3}"/>
</Rating>
<Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{75AEE0A2-8640-4a20-8DE5-EC93D8DAB219}"/>
<Rating ratingSystemID="{7F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{64954A7D-7B92-40E9-BE4C-AE93DD209ECF}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
<Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
<Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
<Descriptor descriptorID="{DD3146A6-20D6-4f57-A170-E621500614AD}"/>
<Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
<Descriptor descriptorID="{B0DEC59B-3AC4-475e-90F7-242C2A60CA71}"/>
<Descriptor descriptorID="{E8930D9B-3E94-407c-B890-FDB5025DBCA3}"/>
</Rating>
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B72233AA-D3F0-4258-8E32-94C99F38160E}"/>
<Rating ratingSystemID="{36
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D742A2EE-980A-444B-953E-EE420D19A26F}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{E2681CD6-318A-4935-8275-AF657045C333}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
<Descriptor descriptorID="{9C8680ED-C0A6-4700-ACDF-B24C979511E0}"/>
<Descriptor descriptorID="{6CA2DE44-81E2-491e-917A-3816F7298953}"/>
<Descriptor descriptorID="{6AB00271-515B-4a4d-8A6E-9E66BF96A437}"/>
</Rating>
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
<Descriptor descriptorID="{06B2A5C3-33D1-427b-9261-6703DC794E4F}"/>
<Descriptor descriptorID="{E8930D9B-3E94-407c-B890-FDB5025DBCA3}"/>
<Descriptor descriptorID
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{65E8773E-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD05-93EF-11D0-A3CC-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{cc7bfb41-f175-11d1-a392-00e0291f3959}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_0603&PID_8612&MI_00\6&4c43856&0&0000]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&1#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_AMBA&PROD_STORAGE&REV_V1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_OLYMPUS&PROD_E-M5&REV_1.00#BF4506933&0#]
"DeviceDesc"="E-M5 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&0#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&1#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&2#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{65E8773E-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD05-93EF-11D0-A3CC-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{cc7bfb41-f175-11d1-a392-00e0291f3959}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\VID_0603&PID_8612&MI_00\6&4c43856&0&0000]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&1#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_AMBA&PROD_STORAGE&REV_V1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_OLYMPUS&PROD_E-M5&REV_1.00#BF4506933&0#]
"DeviceDesc"="E-M5 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&0#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&1#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&2#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{65E8773E-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD05-93EF-11D0-A3CC-00A0C9223196}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}\##?#USB#VID_0603&PID_8612&MI_00#6&4C43856&0&0000#{cc7bfb41-f175-11d1-a392-00e0291f3959}\#GLOBAL\Device Parameters]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_0603&PID_8612&MI_00\6&4c43856&0&0000]
"FriendlyName"="USB PC Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_PMAP#0789130003F9&1#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_AMBA&PROD_STORAGE&REV_V1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_OLYMPUS&PROD_E-M5&REV_1.00#BF4506933&0#]
"DeviceDesc"="E-M5 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&0#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&1#]
"DeviceDesc"="MHS "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_MHS&REV_1.00#110180276D21&2#]
"DeviceDesc"="MHS "
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\Sweepi5.4.00_full_Setup_DE.exe"="Sweepi CleanUp Tool v5 "
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\spybotsd162.exe"="Spybot - Search & Destroy "
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\Sweepi5.4.00_full_Setup_DE.exe"="Sweepi CleanUp Tool v5 "
[HKEY_USERS\S-1-5-21-816125972-3571239182-3413260026-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jens\Downloads\spybotsd162.exe"="Spybot - Search & Destroy "
-= EOF =-
|
|
27.05.2013, 21:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Ok, anscheinend doch keine Werbung mehr Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.05.2013, 05:02
| #13 |
| | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Hi, okay, vielen Dank für Deine Hilfe!!! Und auch Deine Tipps, die ich in jedem Fall beherzigen werde. Spende fürs Board ist unterwegs.  Viele Grüße Jens |
|
28.05.2013, 08:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Viren auf Diskstation und PC - Adware.GamePlayLabs und weitere |
| 7-zip, adblock, adobe, adware.gameplaylab, adware.gameplaylabs, aswrvrt.sys, browser, canon, diskstation, externe platte, flash player, grand theft auto, hal.dll, helper.exe, iexplore.exe, install.exe, olympus, plug-in, pup.gamesplaylab, registry, rundll, security, software, super, svchost.exe, synology, udp, uplay |
Linear-Darstellung
