Pests of all kinds and how to combat them: Laptop stops responding after a few minutes (Windows 7)
#1
Laptop stops responding after a few minutes

Hello,

I was given my niece's computer after she had nothing but problems with it. The computer stops responding after a few minutes, regardless of what was being done on it at the time. Only after a restart does the PC respond again, but then again only for a short time.

After booting into safe mode it works somewhat better. At least the PC does not freeze. However, downloading programs from the Internet is also very slow. That has nothing to do with the available Internet connection.

Unfortunately, I cannot judge whether some nasties have now taken up residence on the computer or whether the hardware is slowly giving up the ghost. Maybe something stands out in the logs.

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:55 on 30/06/2013 (Nathi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 30.06.2013 14:57:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathi\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 81,62% Memory free 7,71 Gb Paging File | 7,00 Gb Available in Paging File | 90,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,59 Gb Total Space | 253,66 Gb Free Space | 89,13% Space Free | Partition Type: NTFS Computer Name: NATHIS-PC | User Name: Nathi | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.30 14:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathi\Desktop\OTL.exe PRC - [2013.06.30 14:51:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2013.06.30 14:51:12 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.04.14 14:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2011.04.14 14:01:38 | 000,200,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2010.06.24 22:06:19 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2013.06.30 14:51:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.10 22:07:51 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2011.04.14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2010.10.07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) 
[Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.05.31 18:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent) SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.03.05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011.04.14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2011.04.14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011.04.14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011.04.14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011.04.14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011.04.14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2011.04.14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.06.24 22:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010.05.31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.05.31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{14A28A37-2AB4-4FD7-AF38-3C2DE7A5DB3F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CE65BCE6-88B9-476C-A20C-FF7A037EC884&apn_sauid=88EC211B-5DED-4E34-971E-9FE0F3E3238A IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nathi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nathi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.06.16 20:02:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.13 21:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathi\AppData\Roaming\mozilla\Extensions [2013.06.23 13:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathi\AppData\Roaming\mozilla\Firefox\Profiles\jzdln2d5.default\extensions [2013.06.23 13:17:41 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nathi\AppData\Roaming\mozilla\Firefox\Profiles\jzdln2d5.default\extensions\toolbar@ask.com [2013.06.23 13:17:41 | 000,002,308 | ---- | M] () -- C:\Users\Nathi\AppData\Roaming\mozilla\firefox\profiles\jzdln2d5.default\searchplugins\askcom.xml [2013.06.13 21:31:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.13 21:31:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - 
default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nathi\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nathi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nathi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nathi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - Extension: Google Drive = C:\Users\Nathi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Nathi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Nathi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Nathi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20130618110235.dll (McAfee, Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130618110235.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DCC452B-D3A7-4222-AD17-8A8C6A637917}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.30 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Macromedia [2013.06.30 14:51:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nathi\Desktop\OTL.exe [2013.06.30 14:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.06.30 14:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.06.30 14:40:40 | 000,000,000 | ---D | C] -- C:\Users\Nathi\Desktop\Problemanalyse [2013.06.23 19:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.06.23 
19:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.06.23 19:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.06.23 19:34:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.23 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\OpenOffice.org [2013.06.23 18:45:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.06.23 18:43:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.06.23 18:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.06.23 18:35:36 | 000,000,000 | ---D | C] -- C:\Users\Nathi\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.06.23 13:17:24 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\APN [2013.06.23 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.06.23 13:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.06.23 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.06.23 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.23 13:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.19 10:20:59 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Adobe [2013.06.19 09:50:51 | 000,000,000 | ---D | C] -- C:\Update [2013.06.17 03:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.06.17 02:13:27 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Intel [2013.06.13 21:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\mpDRM [2013.06.13 21:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mpDRM [2013.06.13 21:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\fluxDVD [2013.06.13 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fluxDVD [2013.06.13 21:41:26 | 000,000,000 | ---D | C] -- 
C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoload Manager [2013.06.13 21:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoload Manager [2013.06.13 21:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Videoload Manager [2013.06.13 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Mozilla [2013.06.13 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Mozilla [2013.06.13 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.06.13 21:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.06.13 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.13 21:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2013.06.13 21:11:24 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.13 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Google [2013.06.13 20:57:07 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Adobe [2013.06.12 08:56:55 | 000,000,000 | ---D | C] -- C:\Users\Nathi\Desktop\Nicht gucken! 
;D [2013.06.10 22:54:38 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Sony Corporation [2013.06.10 22:54:03 | 000,000,000 | ---D | C] -- C:\Users\Nathi\Documents\Downloads [2013.06.10 22:52:39 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Google [2013.06.10 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\ATI [2013.06.10 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\ATI [2013.06.10 22:52:19 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Intel Corporation [2013.06.10 22:52:14 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Broadcom [2013.06.10 22:52:14 | 000,000,000 | ---D | C] -- C:\Users\Nathi\Documents\Bluetooth-Exchange-Ordner [2013.06.10 22:50:39 | 000,000,000 | R--D | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.06.10 22:50:39 | 000,000,000 | R--D | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.06.10 22:50:38 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Searches [2013.06.10 22:50:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool [2013.06.10 22:50:01 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Sony Corporation [2013.06.10 22:50:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Vorlagen [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\AppData\Local\Verlauf [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\AppData\Local\Temporary Internet Files [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Startmenü [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\SendTo [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Recent [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Netzwerkumgebung [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Lokale Einstellungen [2013.06.10 22:49:58 
| 000,000,000 | -HSD | C] -- C:\Users\Nathi\Documents\Eigene Videos [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Documents\Eigene Musik [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Eigene Dateien [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Documents\Eigene Bilder [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Druckumgebung [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Cookies [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\AppData\Local\Anwendungsdaten [2013.06.10 22:49:58 | 000,000,000 | -HSD | C] -- C:\Users\Nathi\Anwendungsdaten [2013.06.10 22:49:57 | 000,000,000 | --SD | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Videos [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Saved Games [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Pictures [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Music [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Links [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Favorites [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Downloads [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Documents [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Desktop [2013.06.10 22:49:57 | 000,000,000 | R--D | C] -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.06.10 22:49:57 | 000,000,000 | -H-D | C] -- C:\Users\Nathi\AppData [2013.06.10 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Temp [2013.06.10 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\Microsoft [2013.06.10 22:49:57 | 000,000,000 | ---D | C] -- 
C:\Users\Nathi\AppData\Roaming\Media Center Programs [2013.06.10 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Macromedia [2013.06.10 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Roaming\Identities [2013.06.10 22:49:47 | 000,000,000 | R--D | C] -- C:\Users\Nathi\Contacts [2013.06.10 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\Nathi\AppData\Local\VirtualStore [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Programme [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.06.10 22:49:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.06.10 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2013.06.10 22:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm [2013.06.10 22:46:41 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts [2013.06.10 
22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\de-DE [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.06.10 22:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.06.10 22:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm [2013.06.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN [2013.06.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr [2013.06.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.06.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.06.10 22:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts [2013.06.10 22:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.06.10 22:45:22 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.06.10 22:45:22 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.06.10 22:45:16 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.06.10 22:45:16 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.06.10 22:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2 [2013.06.10 22:16:45 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL [2013.06.10 22:16:44 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll [2013.06.10 22:16:44 | 000,019,968 | ---- | C] (ArcSoft, Inc.) 
-- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys [2013.06.10 22:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2013.06.10 22:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft [2013.06.10 22:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2013.06.10 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.06.10 22:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.06.10 22:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote for VAIO [2013.06.10 22:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote [2013.06.10 22:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Evernote [2013.06.10 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.06.10 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.06.10 22:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.06.10 22:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc [2013.06.10 22:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate [2013.06.10 22:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software [2013.06.10 22:10:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.06.10 22:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2013.06.10 22:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.06.10 22:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.06.10 22:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.06.10 22:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.06.10 22:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.06.10 22:05:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Adobe [2013.06.10 22:04:46 | 000,000,000 | ---D | C] -- C:\_FS_SWRINFO [2013.06.10 22:04:45 | 000,000,000 | ---D | C] -- C:\Documentation [2013.06.10 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013.06.10 22:04:10 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys [2013.06.10 22:03:08 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee.com [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mcafee.com [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\mcafee [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2013.06.10 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mcafee [2013.06.10 22:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.06.10 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2013.06.10 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2013.06.10 21:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2013.06.10 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.06.10 21:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.06.10 21:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2013.06.10 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint [2013.06.10 21:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.06.10 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2013.06.10 21:56:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.06.10 21:56:20 | 000,369,864 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEP64H.dll [2013.06.10 21:56:20 | 000,307,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013.06.10 21:56:20 | 000,307,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013.06.10 21:56:20 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013.06.10 21:56:20 | 000,095,432 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013.06.10 21:56:20 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2013.06.10 21:56:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.06.10 21:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.06.10 21:55:54 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.06.10 21:55:54 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.06.10 21:55:54 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.06.10 21:55:54 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.06.10 21:55:54 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.06.10 21:55:53 | 002,197,264 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.06.10 21:55:53 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.06.10 21:55:53 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.06.10 21:55:53 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.06.10 21:55:53 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.06.10 21:55:53 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.06.10 21:55:53 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.06.10 21:55:53 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.06.10 21:55:53 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.06.10 21:55:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.06.10 21:55:53 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.06.10 21:55:53 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.06.10 21:55:53 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.06.10 21:55:53 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.06.10 21:55:53 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.06.10 21:55:53 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.06.10 21:55:53 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.06.10 21:55:53 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.06.10 21:55:53 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.06.10 21:55:53 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEL64A.dll [2013.06.10 21:55:53 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.06.10 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.06.10 21:55:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.06.10 21:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.06.10 21:55:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.06.10 21:49:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2013.06.30 14:55:51 | 000,000,000 | ---- | M] () -- C:\Users\Nathi\defogger_reenable [2013.06.30 14:52:55 | 000,377,856 | ---- | M] () -- C:\Users\Nathi\Desktop\gmer_2.1.19163.exe [2013.06.30 14:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathi\Desktop\OTL.exe [2013.06.30 14:51:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.30 14:51:10 | 000,050,477 | ---- | M] () -- C:\Users\Nathi\Desktop\Defogger.exe [2013.06.30 14:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.30 14:45:04 | 3106,488,320 | -HS- | M] () -- C:\hiberfil.sys [2013.06.30 14:15:23 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568582899-2076229757-1355805498-1000UA.job [2013.06.30 10:31:15 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 10:31:15 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 10:28:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.30 10:28:37 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.30 10:28:37 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.30 10:28:37 | 000,130,006 | ---- | 
M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.30 10:28:37 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.23 19:36:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.06.23 19:36:01 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.06.23 19:35:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.23 19:20:15 | 000,301,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.23 18:50:44 | 000,001,239 | ---- | M] () -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.06.23 18:43:45 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.06.22 22:17:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568582899-2076229757-1355805498-1000Core.job [2013.06.21 11:20:26 | 000,002,369 | ---- | M] () -- C:\Users\Nathi\Desktop\Google Chrome.lnk [2013.06.17 04:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.17 04:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.13 21:31:37 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.12 08:56:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.06.10 22:46:51 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.06.10 22:46:51 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.06.10 22:46:23 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.06.10 22:46:23 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.06.10 22:45:22 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.06.10 22:45:22 | 000,011,776 | ---- | M] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.06.10 22:45:16 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.06.10 22:45:16 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.06.10 22:18:59 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\Media Gallery.lnk [2013.06.10 21:58:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2013.06.10 21:57:25 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ========== Files Created - No Company Name ========== [2013.06.30 14:55:51 | 000,000,000 | ---- | C] () -- C:\Users\Nathi\defogger_reenable [2013.06.30 14:52:54 | 000,377,856 | ---- | C] () -- C:\Users\Nathi\Desktop\gmer_2.1.19163.exe [2013.06.30 14:51:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.30 14:51:10 | 000,050,477 | ---- | C] () -- C:\Users\Nathi\Desktop\Defogger.exe [2013.06.23 19:36:01 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.06.23 19:36:01 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.06.23 19:35:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.23 19:35:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.23 18:50:44 | 000,001,239 | ---- | C] () -- C:\Users\Nathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.06.23 18:43:45 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.06.18 09:56:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.06.18 09:14:44 | 000,000,003 | ---- | C] () -- 
C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.06.17 04:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.17 04:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.13 21:31:37 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.13 21:31:36 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.13 21:11:24 | 000,002,369 | ---- | C] () -- C:\Users\Nathi\Desktop\Google Chrome.lnk [2013.06.13 21:06:34 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568582899-2076229757-1355805498-1000UA.job [2013.06.13 21:06:34 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568582899-2076229757-1355805498-1000Core.job [2013.06.12 08:56:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.06.10 22:47:17 | 000,654,166 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.06.10 22:47:17 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.06.10 22:47:17 | 000,130,006 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.06.10 22:47:17 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.06.10 22:39:37 | 3106,488,320 | -HS- | C] () -- C:\hiberfil.sys [2013.06.10 22:18:59 | 000,001,303 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk [2013.06.10 22:18:59 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\Media Gallery.lnk [2013.06.10 22:11:29 | 000,002,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk [2013.06.10 22:07:35 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk [2013.06.10 22:04:56 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 
[2013.06.10 22:04:47 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk [2013.06.10 22:04:32 | 000,001,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk [2013.06.10 21:58:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2013.06.10 21:56:46 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.06.10 21:51:26 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.06.10 21:51:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.23 18:50:30 | 000,000,000 | ---D | M] -- C:\Users\Nathi\AppData\Roaming\OpenOffice.org ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 30.06.2013 14:57:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathi\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 81,62% Memory free
7,71 Gb Paging File | 7,00 Gb Available in Paging File | 90,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,59 Gb Total Space | 253,66 Gb Free Space | 89,13% Space Free | Partition Type: NTFS
Computer Name: NATHIS-PC | User Name: Nathi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06FC810B-ECE2-4BD3-92C0-B4282D4005FD}" = lport=138 | protocol=17 | dir=in | app=system | "{3EC01176-E361-454D-B713-11735C52875A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41DC6C58-FFCE-4C8B-B3A2-E09142CF969D}" = lport=139 | protocol=6 | dir=in | app=system | "{470DCC5D-0CC7-493C-B0A1-C1AF735CF363}" = rport=445 | protocol=6 | dir=out | app=system | "{4F178277-198C-486E-B0DA-F875E835F212}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5B73AC52-1843-4733-9419-C31727C4BB5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5CF8DBE3-71E5-4C04-92F7-6D1AAAD45F07}" = lport=10243 | protocol=6 | dir=in | app=system | "{5D1622D4-A57E-4D57-A021-C9F2201059E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FFADE89-5650-474C-86E4-B38E7417956D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63ECA337-94FD-4AA3-9D66-F5672DF6D6A0}" = lport=2869 | protocol=6 | dir=in | app=system | "{7BA89957-AF17-408D-A0CD-641468C9F053}" = rport=138 | protocol=17 | dir=out | app=system | "{8DAB0636-6412-44DA-BF49-21041AA21D52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{92F8C4F7-8B2A-4901-930B-D6D649C45537}" = rport=137 | protocol=17 | dir=out | app=system | "{93B28FE5-9E0A-499C-A853-02B788435951}" = lport=445 | protocol=6 | dir=in | app=system | "{9BAE2877-5BF4-4DE5-B08E-6C0C7F759A75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC20D3D9-5E14-4FFA-8575-167FD1B4B63D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B8864263-6897-4E20-A939-0002251A44A0}" = lport=137 | protocol=17 | dir=in | app=system | "{BA116D44-9B1B-407E-B192-875041D8E365}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BE2C7463-A322-47A5-A0F9-24EF9133DB7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C1C093EB-B9E9-4084-B54A-EA4A2B0ADCCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4FA90F3-46EB-44F9-A73D-51974ED1C619}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C75C9EF4-C8A7-4170-8440-F482F24EF9F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F128592C-DDC3-4D1F-8309-70158716D72D}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04169FCC-95CD-486D-A442-682836A6F739}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{05AF04A3-80D2-4ACE-9B30-26EB4C71BDB6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1210BF64-A3AF-4C12-85C2-D0D75236672F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{131F4AD2-9328-4720-B97C-C7C03C88F43A}" = protocol=6 | dir=out | app=system | "{24D44DE9-5FF2-44B1-8C76-CC33513C43BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4366B607-DF29-4E9D-8AAF-3EA795BE60AD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{43FD2F45-D0FE-4AC8-A862-2C671EC2B036}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4445206B-8803-46CC-A375-6639F8557C5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6BD8A370-4459-4757-A7F2-35E2FF8D2F3D}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F79FFCA-65AC-4D73-9C4A-F8C922E7AD08}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7146BD45-3308-4155-8EB2-96A0885DDB2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8975545E-CA5A-4C4C-B00D-495063249062}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8B37722E-C8F8-4A2C-B1E2-31471E9ACF1C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9CC14D09-2EFC-4D26-B651-42FFD5A7D81D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CD9203E-4A3B-4B1C-8922-A4BF0178776E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A2E6F32D-90D8-4559-9CB6-8116121C5BE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AF5585BB-0033-4ACA-B121-71DE5A3C655A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B7E7FC7C-E39A-4988-856B-F7DB4B6CA430}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D48273F6-DB55-47F0-A506-DE53BE583564}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D59085DA-F383-41A2-8E8C-A72313A4536F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D8F1FFC6-7920-461D-9732-234C6A487618}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F504D109-E4CE-4EB7-AD33-0CEDA9A4F65F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F768436C-8A5A-4917-8FF6-108A799F8A58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery "{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{687C26DE-9A70-B256-170A-717DFA8B360E}" = ATI Catalyst Install Manager "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software "{E0156F98-8990-09B0-FCEC-1914C3281283}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01BA7349-0270-8D01-279E-0960D158B9B0}" = Catalyst Control Center Graphics Full Existing "{09BF3083-B76F-B5A0-2446-CDCA707F5918}" = CCC Help Russian "{0F73537E-25F5-81B7-7CD8-517083B1F48D}" = CCC Help Chinese Traditional "{16E107BF-24A3-28A5-91C9-556A0AA4875D}" = CCC Help Italian "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery "{2105804E-14A1-1B5C-DF13-FB04C4059972}" = CCC Help Thai "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{23CFDAC8-5CCE-1A02-581A-753B0A6BEEE1}" = CCC Help Spanish "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{275EA703-F9BD-0F41-F004-DB89011ED5A7}" = CCC Help Dutch "{2B72AF5B-EC2D-25BD-2A38-5F3C0A727DA8}" = CCC Help Greek "{3B887224-2336-0699-917A-B38B5B99A254}" = CCC Help French "{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology 
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F527211-4FDF-76EA-61A5-91EE3161980B}" = Catalyst Control Center Core Implementation "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5D279843-4635-85CA-9201-3BD9E179E749}" = CCC Help Chinese Standard "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6B4E92B0-6691-E4A1-A86B-6600BD6972D4}" = CCC Help Turkish "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74B81E20-730A-F440-FB01-C7B3716CB80A}" = Catalyst Control Center Graphics Previews Common "{77F38281-1BAC-80B3-D99E-AE11CE3A0924}" = Catalyst Control Center Graphics Full New "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7D793D3E-C37E-4C1D-4ACF-D05878F5D480}" = CCC Help Japanese "{7FC454AE-6857-215B-33FF-D50835C32EF9}" = CCC Help Danish "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8F2DAC3B-E040-1B90-D882-EEF8033AA0A5}" = Catalyst Control Center Graphics Previews Vista "{919FBC0E-93A3-445A-2055-BCB23AED1641}" = Catalyst Control Center Localization All "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0 "{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B19E486A-59E8-5585-CB2F-4DCB1B230368}" = CCC Help Czech 
"{B945DDC0-3213-4850-8B20-F2DA67FDFE9E}" = CCC Help Norwegian "{BA1CA03B-8F13-12C6-BCE6-46C422B357AE}" = CCC Help German "{BBF0B71F-F8F3-70FD-B558-7835894F40A5}" = CCC Help Portuguese "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = "{D4CE65B8-23C1-A51B-6739-AE6686DD6C6D}" = CCC Help Korean "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D7F08B1C-A956-3A0A-E891-83173A2F73BA}" = Catalyst Control Center Graphics Light "{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery "{D9D30D77-E0E2-6B2F-3C7B-0D8C9A82C8DB}" = CCC Help English "{DBE88A57-BD7B-E315-C07D-D203E514BB58}" = CCC Help Finnish "{DD256151-9EAC-9D83-8D60-A475F092CF03}" = CCC Help Hungarian "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F572C0E3-90D1-CC46-C163-4C4E50D3C220}" = ccc-core-static "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F93A233E-59A6-CBD2-68D3-4446D710EDA5}" = CCC Help Polish "{FB33CE0D-D26D-86C3-9BD5-F58631EAE3C2}" = CCC Help Swedish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Internet Security "PremElem80" = Adobe Premiere Elements 8.0 "Videoload Manager" = Videoload Manager 2.0.2220 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Google 
Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.06.2013 17:04:33 | Computer Name = Nathis-PC | Source = Application Hang | ID = 1002 Description = Programm Adobe Premiere Elements 8.0.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 44c Startzeit: 01ce661e0504a0e8 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Adobe\Adobe Premiere Elements 8.0\Adobe Premiere Elements 8.0.exe Berichts-ID: Error - 16.06.2013 14:10:56 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. Thread-ID: 3048 (0xbe8) Thread-Adresse: 0x000000007708FFAA Thread-Nachricht: Build VSCORE.14.2.0.723 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 16.06.2013 20:06:21 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. 
Thread-ID: 3060 (0xbf4) Thread-Adresse: 0x000000007734F7AA Thread-Nachricht: Build VSCORE.14.2.0.835 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 16.06.2013 20:15:43 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. Thread-ID: 2840 (0xb18) Thread-Adresse: 0x000000007759F72A Thread-Nachricht: Build VSCORE.14.2.0.835 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 16.06.2013 20:21:15 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. Thread-ID: 4760 (0x1298) Thread-Adresse: 0x000000007759F72A Thread-Nachricht: Build VSCORE.14.2.0.835 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\system32\SndVol.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 16.06.2013 20:25:27 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. 
Thread-ID: 4444 (0x115c) Thread-Adresse: 0x000000007759F72A Thread-Nachricht: Build VSCORE.14.2.0.835 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\system32\SndVol.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 16.06.2013 20:29:03 | Computer Name = Nathis-PC | Source = McLogEvent | ID = 5051 Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. Thread-ID: 4016 (0xfb0) Thread-Adresse: 0x000000007759F72A Thread-Nachricht: Build VSCORE.14.2.0.835 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\mmres.dll by C:\Windows\system32\SndVol.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) [ System Events ] Error - 16.06.2013 21:56:23 | Computer Name = Nathis-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "McShield" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error - 17.06.2013 14:55:19 | Computer Name = Nathis-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845) Error - 17.06.2013 16:33:15 | Computer Name = Nathis-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?06.?2013 um 22:31:25 unerwartet heruntergefahren. Error - 18.06.2013 04:01:40 | Computer Name = Nathis-PC | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. 
Error - 18.06.2013 04:39:01 | Computer Name = Nathis-PC | Source = DCOM | ID = 10010 Description =
Error - 18.06.2013 04:46:15 | Computer Name = Nathis-PC | Source = DCOM | ID = 10010 Description =
Error - 18.06.2013 04:52:09 | Computer Name = Nathis-PC | Source = DCOM | ID = 10010 Description =
Error - 18.06.2013 13:55:28 | Computer Name = Nathis-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error - 18.06.2013 19:13:46 | Computer Name = Nathis-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?19.?06.?2013 um 01:11:56 unerwartet heruntergefahren.
Error - 19.06.2013 02:40:04 | Computer Name = Nathis-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
< End of report >

I can't upload the GMER log at the moment because the file is too large, i.e. it contains too many characters. I'll run the scan again later and hopefully post it afterwards. If necessary, in several parts.....

Edited by seal.1 (30.06.2013 at 16:18)