| |
| |||||||
Log-Analyse und Auswertung: RegClean Pro VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.06.2014, 20:19
| #1 |
| |  RegClean Pro Virus Hi, Nachdem ich heute überhastet eine Datei zum auslesen meines Windows 7 CD Keys installiert habe, habe ich mir leider den RegClean Pro Virus eingefangen. Nachdem ich alle Schritte eures Tutorials (http://www.trojaner-board.de/147348-...entfernen.html) durchgegangen bin, bin ich mir recht sicher ihn los zu sein, will aber dennoch auf Nummer sicher gehen und poste hier die beiden OTL Logfiles mit der bitte an euch sie einmal zu überprüfen. Ich danke euch im Vorraus und wünsche einen schönen Feiertag. LG rauchi OTL Extras logfile created on: 08.06.2014 21:06:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,71 Gb Available Physical Memory | 71,42% Memory free 15,99 Gb Paging File | 13,47 Gb Available in Paging File | 84,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 24,48 Gb Free Space | 20,54% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 518,77 Gb Free Space | 27,85% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 2,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045AC2D7-E53B-4AB8-A366-9097CCFD0F00}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1EB0CC53-1707-4663-BA84-19498C357D66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{20BF443D-8B13-4E21-9F77-2D2C0621891B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C590914-8E79-4F90-BE0D-29E64AB99DDF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2F211A61-9A7F-434A-9D2D-BEB6B94303B4}" = rport=138 | protocol=17 | dir=out | app=system | "{35A39C86-3D2C-4CA6-85BF-66DEEDE5DECF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{37E264E3-6A71-4720-A6E5-55EE56BF0E4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3F4B470E-151D-4500-BE00-6FBCF66E9218}" = rport=10243 | protocol=6 | dir=out | app=system | "{411676AB-0F16-4023-B6A8-1A186C2B9905}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41CAE32A-E85C-42CB-A88A-A7B422DFCDD7}" = lport=445 | protocol=6 | dir=in | app=system | "{427AC80F-431C-4766-B526-5D942B14126A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{427F434E-47A9-474C-8328-3B5F8A6B7756}" = lport=10243 | protocol=6 | dir=in | app=system | "{4A1A97EE-BBCC-4421-8318-E57A2DA3101E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B50E80E-C82C-4D87-8C58-0D80803D9178}" = lport=139 | protocol=6 | dir=in | app=system | "{4F72875C-BD79-43DF-AE72-E517FFFC2460}" = rport=139 | protocol=6 | dir=out | app=system | "{5292564E-4C20-474D-AD3A-4EEFC189BCFA}" = lport=2869 | protocol=6 | dir=in | app=system | "{64396CDB-73F0-497A-B8AF-4617DE379DE9}" = lport=138 | protocol=17 | dir=in | app=system | "{70BA9127-7C0B-4298-9332-5E4D6DCA9966}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7578F801-81C8-484B-B72B-88BC90926BF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C006C00-54DC-4D32-853A-50B32EC04E07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7D153174-F1CE-4E37-82BB-D657D723B333}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7EDCBFBA-D79B-4398-A2F7-F90CBA7C31D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8047A12C-5A3E-4911-B0F4-8F5456967CAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{890DB32B-00B2-4CD7-923B-0551306D8DB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{952D05AE-450D-4976-874E-34B99082CE8F}" = lport=137 | protocol=17 | dir=in | app=system | "{9818FA4C-EA37-45D1-8310-9903ECE6C48A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A55D5829-E90F-4AEE-88FB-70E3B3C6D48A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{ABD87705-9230-4D6D-83E4-EBC0709F70BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B2E84585-E46D-443F-9E99-8C6370B5DF66}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{B91A9DC9-976A-4826-AE87-38DE37171074}" = rport=137 | protocol=17 | dir=out | app=system | "{BB86BFF1-0947-41BF-88F2-711333A3F267}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C40CE52B-B47C-4F37-8775-6CBDB1740F42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D4166000-0188-4D16-972B-50C8B9B4A6AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D673F4EB-7922-4B05-9CD4-E719D5986BF3}" = rport=445 | protocol=6 | dir=out | app=system | "{DC9A9225-7156-4572-A80B-9CA98CACDFB4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{E22E74B4-EC56-4EFF-8FF3-19995F2CE6F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E4EED28C-9DFB-41B1-8C8F-ABC81339A343}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C84E60-0C53-4973-9891-4E76C7A0AFCC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{0614E07D-1047-4C3B-A19E-C15AC2494D86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{072E252C-E794-4EB4-BC74-948A0D85825C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{0B753FF2-13C9-4436-80BC-00423B929FA2}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{14726D18-648F-4A6A-B67E-B2EAA22D529D}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe | "{1483C218-C24F-4692-8742-1F661EAC1FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1B4395D0-AE5E-41D2-B273-388409F2E045}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | "{22277787-2375-4C38-A1F3-8EAD1AB97F89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | "{26A37598-48F3-449F-B0D7-62E37448D3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{38F31509-047F-43C3-8207-389CA5A52F55}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | "{390ECA98-8F77-4A4A-BBC0-39E5EF1BB5C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3D11086D-D0B5-4811-89AA-4ECEF74BB663}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3E97EBC4-B29C-4823-9B99-8F1ADC38D6CE}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\portal 2\portal2.exe | "{40B57F1B-348D-452B-8052-31ABE27B4E36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4CBD9C88-A958-4FC0-B558-174E8B7E0FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{4D37F07C-264D-400B-941D-EB30EF7D54C4}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{51706A85-5026-4794-9548-F4226B5B700C}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe | "{5383117E-2726-4AC2-8921-1EF196BAD2BE}" = protocol=17 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe | "{55A1266D-684F-43D2-9EF3-4F21C376C4C3}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{55CB863C-50B7-4090-8597-D9833B244BE1}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe | "{564DD686-F79F-44E1-8D7B-AC3F6E00454C}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{57584503-ECC5-4543-AD34-14602D8BC024}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5A902EDC-9DBE-4E84-8E50-69379439EEC9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{5D9913BF-27F9-4F7D-86EF-2902F84A7CD3}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{649E0C13-BBC4-405B-BE2C-FDEF0060C437}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{66FA0A4F-4052-4734-9C76-B0A18AA95DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{694FFEB0-91A3-4B87-A7C6-2D17BB29CF37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{6A7BD817-B593-4258-82FA-5758403B4A05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | "{6BBC3AD4-7F1B-46B0-A130-EB6DD237180B}" = protocol=6 | dir=in | app=d:\programme\battle.net\battle.net.exe | "{6D970CE2-8004-486F-AD8A-937A184615C9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | "{72F0867B-4F97-4F83-ABC9-D174E4A67C55}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe | "{7487D80F-B861-410C-AAEC-4622B67F6996}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{75685280-498E-48E1-BD3D-8FC4AF013F94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7CD44C51-3E65-4F0E-8947-3E1CA029C710}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CF0D3DA-E904-49DD-B11A-106452FA2BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{7F750C6E-2C0D-4C75-898D-5B6806EC8731}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\tropico 4\tropico4.exe | "{81E5B001-A5AA-4449-8C4D-25B57E1CC99E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8281A12E-140E-43A6-816C-762AAA54B1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{83EF19CC-5D56-4325-B825-4102DBEE0FCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{874EA3D4-75D7-4D21-AE37-6F46921F0B32}" = protocol=17 | dir=in | app=d:\programme\bfbc2\bfbc2updater.exe | "{924BA05D-B3D7-4E72-9164-D85AA8B6AA0D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | "{9330870A-9DCF-4061-B891-40CF8289B45F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{9446D389-DCDD-4AEF-9F81-333ABC0097AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B70B2E6-C34E-4780-8EBA-7C0F637E894F}" = protocol=6 | dir=in | app=d:\programme\battle.net\hearthstone\hearthstone.exe | "{9CE791BF-4093-4DB3-9FFE-329A4F7D4AE6}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa world\fifaworld.exe | "{A4773BAB-0215-4D57-96C4-EA98F98B5990}" = protocol=17 | dir=in | app=d:\programme\battle.net\battle.net.exe | "{A7A95F77-C2AE-428C-BDC1-376BAD16CF5C}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{A8D591BF-86AA-41DA-9932-2DB2990532C1}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\portal 2\portal2.exe | "{AC0D6FBA-5891-42DC-89C4-0837413E22E1}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe | "{AD731F56-34D3-4FBE-97B8-29B670C0A729}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B236849F-D8B2-418A-A64C-98D61F44C492}" = protocol=17 | dir=in | app=d:\programme\battle.net\hearthstone\hearthstone.exe | "{B2EAD5EB-A2BF-4EA5-A0DB-3932C7AC9575}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4D8D0D6-4DAA-4F6C-986A-6B2B9168069D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B8E0EF78-BC4C-4FB9-80D0-857BEAF50F8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BBEB1DF2-4D51-431D-B0BF-70DB8E015176}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{C28E2A62-576E-470A-8D82-E75DBE3981F7}" = protocol=6 | dir=in | app=d:\programme\bfbc2\bfbc2updater.exe | "{C89AA281-1277-403E-B588-AABCC2AD68DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C964AB1A-D079-4B4F-8EA0-6988F0127F12}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA8EB1E1-3D70-4168-B8A0-28269F75E72F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CB80D9B3-0292-4DF6-AA46-B36B3245AF35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CC8D8AFC-3039-4046-82FE-A253C7103132}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{CD03C04C-B92B-4BAD-9E8B-B1048FDA6D32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{D1464E2D-B913-43FE-A1C7-53A819369C60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D599BF36-95D3-4F98-85B2-3174188CA1CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D6FE36A9-5C37-4CCE-BDF6-DF8787F9D656}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D8EB1886-5DAE-4382-859F-0140244985EC}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | "{DB9A754F-D720-4920-AC80-F12FD80EEFB0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DE36BAC3-00FF-4001-B236-0A4E6D08F6E6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | "{E1457142-B0EB-415E-B4A9-E6D3E7C07BF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E26C2282-700E-4DA8-B8E3-86B24490203C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | "{E36987AA-5906-4C4E-848E-422AA1800441}" = protocol=6 | dir=out | app=system | "{E64426BC-F2FC-4B55-875F-4601254F7BC6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | "{E6F7AB92-B310-48D0-ABCA-83E10F0A632C}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\tropico 4\tropico4.exe | "{E7DC8A3D-2AF4-486B-B098-429A6951DC3B}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{EAEADE59-8E49-4A05-BC9B-8595ECAA2BAF}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{EB605931-DB9E-4050-A28B-DA4F83EC2AB8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{EE8E7BE3-1A62-4009-A526-B9611B4EDE44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F0D126C1-8032-4D10-A42A-8DA3AC16CB88}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{F3EC10A0-56C8-428A-8F6D-5E1537F87B3D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{F7DC4DE9-BD39-4E2C-AC8A-BDF11A9E8C9D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{FBD8C5D2-A170-4388-9040-00FAFA848310}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{FC7A729D-8871-4266-AF46-B7A10D2298A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FE51D42A-5D89-45B4-BF25-B321D7E2727D}" = protocol=6 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe | "{FE762D04-4DA4-429E-8F21-CE6C199EE01F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{00B1C0A1-9142-4897-A1E2-14B82AB81720}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{04E7967A-0A87-4966-8270-A77565025BD6}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{152D6805-2386-4670-A227-CD6B8AD15295}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{17B4F482-6F2E-441C-A6F6-435517247394}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{42D3F4C7-3CA9-41E0-A57F-E87E9D3A28AE}C:\programdata\battle.net\agent\agent.2717\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "TCP Query User{4F3E7062-5DD8-4F69-8383-5D9F2B158CF5}D:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe | "TCP Query User{5203E9E5-168E-4FEA-99AD-86133CCA694C}D:\steamlibrary\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "TCP Query User{52497DC2-7E09-449A-B545-2A02B4DDBBEC}C:\program files (x86)\age of wonders iii\aow3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of wonders iii\aow3.exe | "TCP Query User{62209F22-22F6-4503-8E78-DE3DBB4B6BC3}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{7446030F-2EDA-4ED9-9BA4-F8968BBC7A7F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{7C8276D0-B704-48B1-AB69-680B9C47F6DC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{8FCAA91B-A326-4D16-B857-9E2B005AD61F}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "TCP Query User{9363CB64-3EB1-48EC-85EB-F23C9C4A51CB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{9A387951-C5BC-47D7-A91F-4ECFF2C0905B}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{B64AE846-E85F-4255-AF68-8487E86D6C0E}D:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe | "TCP Query User{BB2EBEDA-30BD-42C9-A628-EB64073986FA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{BB2FD03E-E917-48D5-B7B7-FF1A1C43B0F6}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "TCP Query User{C1D733DF-E86D-4B81-B022-898CB82B2A4D}D:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe | "TCP Query User{C3E6C56A-1806-4C7F-801C-BC53895ED7C5}C:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "TCP Query User{DFFB56C6-E5B0-4380-A382-AB82DF76FA47}D:\programme\bfbc2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\programme\bfbc2\bfbc2game.exe | "TCP Query User{E395A0A7-48DF-48E8-9242-AAE249324859}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | "TCP Query User{E67A591D-D627-49F9-946C-9BF90C6DBDB2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{0283CDCB-943F-489D-8477-7823DD95696A}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{0843E3C4-6AB3-4599-99D6-B1B9E1D52441}D:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe | "UDP Query User{0B10A86A-D7DC-4B65-9E54-8EB82BA65BB3}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{194CA4A9-F27A-4668-A8D8-2766D21948B9}C:\program files (x86)\age of wonders iii\aow3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of wonders iii\aow3.exe | "UDP Query User{1EFEDB38-9E08-453A-B02C-5360114A0A43}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{248A9610-150D-4C5D-8833-2831D4D5848E}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{310D6A13-FC97-4BF0-AA8B-4E060A279B35}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | "UDP Query User{4897BCDC-9F6A-4204-9C6C-9FD97246A55D}D:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes\reliccoh.exe | "UDP Query User{61272B9F-80E4-4585-A4C9-E8EC8192BFD1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{7572C8A8-E96E-4BFD-91AE-DB6703740C05}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{7B124105-56F0-40EB-A17F-66A526FA7FA7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{807F1EE6-786B-401F-8297-0728480E6020}D:\programme\bfbc2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\programme\bfbc2\bfbc2game.exe | "UDP Query User{9733407F-305E-4E4F-86B5-A002C0981448}D:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\company of heroes relaunch\reliccoh.exe | "UDP Query User{9F5FBF04-C94C-4F89-9826-34C15F675246}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "UDP Query User{C2E94740-A52D-44E3-B412-DCD073449B56}C:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "UDP Query User{C5A44C36-9047-4B17-96D2-3912F9559E67}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{C6204DAC-592B-402A-B724-DC27827329D9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{CDF21EB7-94E2-420D-8342-F113E9986E7A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{D2137006-14EF-40DF-AA68-B3B63F4EF7D8}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{D6A68819-455C-4775-A555-967F1F2C6EB5}C:\programdata\battle.net\agent\agent.2717\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "UDP Query User{EB00D880-8AB9-4A3D-8652-95D55793F6E5}D:\steamlibrary\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "UDP Query User{FB01E475-514C-4F6D-9C95-6C03EE0741CB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "0630-0716-3135-7887" = JDownloader 2 "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "C19278C6DB5D44F2EAC8AFBCCA7FD6CFDBF4884C" = Windows Driver Package - Acer, Inc (androidusb) USB (03/06/2012 1.0.0010.00000) "CCleaner" = CCleaner "EBFE4DBC36C8B8E2F5F080132B0C197C1915C0DB" = Windows Driver Package - Linux Developer Community Net (03/06/2012 5.1.2600.2781) "EPSON XP-202 203 206 Series" = Druckerdeinstallation für EPSON XP-202 203 206 Series "Microsoft Security Client" = Microsoft Security Essentials "Office15.PROPLUS" = Microsoft Office Professional Plus 2013 "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.8 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery "{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions "{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1E690789-503A-4733-B224-7FE1DA597F2A}_is1" = SuperBeam version 1.1.0 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker "{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{6B0A8356-2312-497F-B11D-0839D0BDB7CE}" = HTC Sync "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports FIFA World "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Carbon "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common "{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform "{E357C7B4-E337-4E43-84F1-8FDAF1EF4038}" = calibre "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ant Renamer 2_is1" = Ant Renamer "Battle.net" = Battle.net "Battlelog Web Plugins" = Battlelog Web Plugins "CrystalDiskInfo_is1" = CrystalDiskInfo 6.1.12 "DAEMON Tools Lite" = DAEMON Tools Lite "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "EPSON Scanner" = EPSON Scan "EPSON XP-202 203 206 Series Netg" = Netzwerkhandbuch EPSON XP-202 203 206 Series "EPSON XP-202 203 206 Series Useg" = Benutzerhandbuch EPSON XP-202 203 206 Series "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.3 "Free YouTube Download_is1" = Free YouTube Download version 3.2.20.1230 "Google Chrome" = Google Chrome "Hearthstone" = Hearthstone "InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de) "Mozilla Thunderbird 24.5.0 (x86 de)" = Mozilla Thunderbird 24.5.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Origin" = Origin "PrintProjects" = PrintProjects "PunkBusterSvc" = PunkBuster Services "QWdlb2ZXb25kZXJzSUlJ_is1" = Age of Wonders III "RemoteControl for Winamp1.00" = RemoteControl for Winamp "Shotcut" = Shotcut "Steam App 228200" = Company of Heroes (New Steam Version) "Steam App 240" = Counter-Strike: Source "Steam App 400" = Portal "Steam App 4560" = Company of Heroes "Steam App 48220" = Might & Magic: Heroes VI "Steam App 57690" = Tropico 4 "Steam App 620" = Portal 2 "Steam App 644" = Portal 2 Publishing Tool "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8930" = Sid Meier's Civilization V "Steam App 9340" = Company of Heroes: Opposing Fronts "TeamViewer 8" = TeamViewer 8 "Tropico 5_is1" = Tropico 5 "U291dGhwYXJrU3RpY2tvZlRydXRo_is1" = Southpark Stick of Truth "Uplay" = Uplay "Warcraft III" = Warcraft III "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "31dfee6c296bca85" = VpnOneClick "Dropbox" = Dropbox "Winamp Detect" = Winamp Erkennungs-Plug-in "XBMC" = XBMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.06.2014 14:08:47 | Computer Name = **** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 08.06.2014 14:08:50 | Computer Name = **** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 08.06.2014 14:09:10 | Computer Name = **** | Source = WinMgmt | ID = 10 Description = Error - 08.06.2014 14:57:22 | Computer Name = **** | Source = WinMgmt | ID = 10 Description = Error - 08.06.2014 15:05:42 | Computer Name = **** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:52 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:54:53 | Computer Name = **** | Source = DCOM | ID = 10005 Description = Error - 08.06.2014 14:54:53 | Computer Name = **** | Source = DCOM | ID = 10005 Description = Error - 08.06.2014 14:54:53 | Computer Name = **** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.06.2014 14:56:49 | Computer Name = **** | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ESET Uninstaller Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > ----------------------------------------------------------------------------------------- OTL logfile created on: 08.06.2014 21:06:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,71 Gb Available Physical Memory | 71,42% Memory free 15,99 Gb Paging File | 13,47 Gb Available in Paging File | 84,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 24,48 Gb Free Space | 20,54% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 518,77 Gb Free Space | 27,85% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 2,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - c:\users\****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbygoa.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Users\****\AppData\Roaming\Dropbox\bin\libcef.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Rockusb) -- C:\Windows\SysNative\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (rusb3xhc) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (rusb3hub) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 4E 91 9B 83 BE CD 01 [binary data] IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14247;https=127.0.0.1:14247 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: identfavicon%40david.hanak.hu:0.3.4.7 FF - prefs.js..extensions.enabledAddons: real%40debrid:2.3b FF - prefs.js..extensions.enabledAddons: sendtophone%40martinezdelizarrondo.com:1.2.4 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1 FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0 FF - prefs.js..extensions.enabledItems: plugin@apture.com:1.6 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:4.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2014.06.08 20:57:03 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.15 15:35:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{19955611-DF29-AF36-33C4-DDED236A4ACB}: C:\Program Files (x86)\Buzz-it-soft\171.xpi FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.15 15:35:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.09 16:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2014.06.08 20:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions [2014.05.13 18:32:38 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2013.07.15 23:34:56 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.11.09 16:11:04 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2014.03.25 23:58:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014.02.04 19:28:15 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\foxyproxy@eric.h.jung [2014.04.07 21:06:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\ich@maltegoetz.de [2013.01.01 23:30:36 | 000,000,000 | ---D | M] (Real-Debrid - Plugin) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\cmohvota.default\extensions\real@debrid [2014.04.23 21:22:40 | 001,533,185 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\firefox@ghostery.com.xpi [2012.11.20 15:55:52 | 000,026,318 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\identfavicon@david.hanak.hu.xpi [2013.11.26 22:46:17 | 000,090,822 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\sendtophone@martinezdelizarrondo.com.xpi [2013.05.26 14:27:26 | 000,067,831 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2013.07.02 18:06:34 | 000,345,379 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2014.06.05 21:39:43 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.31 01:42:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014.06.03 15:33:59 | 000,001,164 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\cmohvota.default\searchplugins\fettrechner.xml [2014.05.10 18:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.05.10 18:06:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.10.17 12:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: sweet-page (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, CHR - plugin: Erster Nutzer (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Error reading preferences file CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Hide My Ass! Web Proxy = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\ CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Falcon Proxy = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\0.6.9_0\ CHR - Extension: \n \n = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbbibgacefekgpnjblfjeccdljiaabng\2013.8.18.50179_0\ CHR - Extension: Google Wallet = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Proxy List - Free Proxies for everyone = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn\3.0_0\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-202 203 206 Series" File not found O4 - HKU\S-1-5-21-3260956290-1310355472-3566160479-1000..\Run: [LightShot] C:\Users\****\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADD7B333-B153-4AD6-BD5B-8672FBC6777A}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBF7060-FB65-4DF5-8C56-FDC0460446F3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - E:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [1999.12.12 00:00:00 | 000,000,041 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{0c6cce40-3291-11e2-82f7-00241dd862f3}\Shell - "" = AutoRun O33 - MountPoints2\{0c6cce40-3291-11e2-82f7-00241dd862f3}\Shell\AutoRun\command - "" = G:\setup.exe -- [1999.12.12 00:00:00 | 000,740,844 | R--- | M] (CODEX ) O33 - MountPoints2\{5c5e1a9e-291f-11e2-818f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5c5e1a9e-291f-11e2-818f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O33 - MountPoints2\{928b2670-3b99-11e2-b6d2-00241dd862f3}\Shell - "" = AutoRun O33 - MountPoints2\{928b2670-3b99-11e2-b6d2-00241dd862f3}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.06.08 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Geek Uninstaller [2014.06.08 20:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2014.06.08 19:58:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.06.08 19:55:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.06.08 19:39:54 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.06.08 19:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.06.08 19:38:59 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.06.08 19:38:59 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.06.08 19:38:59 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.06.08 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.06.08 19:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.06.08 19:38:10 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe [2014.06.08 19:38:10 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\****\Desktop\JRT.exe [2014.06.08 19:38:10 | 000,441,592 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\****\Desktop\sc-cleaner.exe [2014.06.08 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Abelssoft [2014.06.03 15:42:29 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Battlefield 3 [2014.06.03 15:41:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ESN [2014.06.03 15:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2014.06.03 15:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2014.06.03 15:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2014.06.01 15:52:17 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Cheat Tables [2014.05.29 22:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2014.05.29 22:23:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2014.05.29 18:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2014.05.29 18:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo [2014.05.27 21:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014.05.23 01:31:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Tropico 5 [2014.05.23 01:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5 [2014.05.23 01:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropico 5 [2014.05.14 08:06:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014.05.14 08:06:03 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014.05.14 07:25:15 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014.05.14 07:25:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014.05.14 07:25:05 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2014.05.14 07:25:04 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014.05.14 07:25:04 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2014.05.14 07:25:04 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2014.05.14 07:25:04 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll [2014.05.14 07:25:04 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2014.05.14 07:25:03 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll [2014.05.14 07:25:03 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2014.05.14 07:25:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2014.05.14 07:25:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll [2014.05.14 07:25:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll [2014.05.14 07:25:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll [2014.05.14 07:25:02 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll [2014.05.14 07:25:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll [2014.05.14 07:25:02 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll [2014.05.14 07:25:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll [2014.05.14 07:25:02 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll [2014.05.14 07:25:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll [2014.05.14 07:25:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll [2014.05.14 07:25:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll [2014.05.14 07:25:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll [2014.05.14 07:25:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2014.05.14 07:25:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2014.05.10 18:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2014.06.08 21:02:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.06.08 21:02:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.06.08 21:02:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.06.08 21:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.06.08 20:59:55 | 001,647,984 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.06.08 20:59:55 | 000,713,790 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.06.08 20:59:55 | 000,658,338 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.06.08 20:59:55 | 000,153,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.06.08 20:59:55 | 000,126,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.06.08 20:59:53 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.06.08 20:55:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.06.08 20:55:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.06.08 20:55:31 | 2144,460,799 | -HS- | M] () -- C:\hiberfil.sys [2014.06.08 19:39:23 | 001,333,465 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner_3.212.exe [2014.06.08 19:39:06 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.06.08 19:36:36 | 000,441,592 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\****\Desktop\sc-cleaner.exe [2014.06.08 19:36:14 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\****\Desktop\JRT.exe [2014.06.08 19:35:49 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe [2014.06.08 15:49:31 | 000,001,357 | ---- | M] () -- C:\Users\****\Desktop\Continue Windows Keyfinder TNG.lnk [2014.06.08 15:03:39 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2014.06.08 15:03:39 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014.06.08 15:03:31 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2014.06.08 13:58:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3260956290-1310355472-3566160479-1000.job [2014.06.05 10:22:56 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2014.06.03 17:36:16 | 000,000,438 | ---- | M] () -- C:\Users\****\AppData\Local\UserProducts.xml [2014.06.01 21:07:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014.05.29 18:33:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\fsutil [2014.05.24 11:48:15 | 000,001,051 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.05.13 22:00:55 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.05.13 22:00:55 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2014.06.08 19:39:27 | 001,333,465 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner_3.212.exe [2014.06.08 19:39:06 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.06.08 15:49:31 | 000,001,357 | ---- | C] () -- C:\Users\****\Desktop\Continue Windows Keyfinder TNG.lnk [2014.05.29 18:39:03 | 2144,460,799 | -HS- | C] () -- C:\hiberfil.sys [2014.05.29 18:33:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\fsutil [2014.03.12 21:09:58 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2013.12.01 23:22:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2013.11.09 00:50:44 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung6.html [2013.11.09 00:42:50 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung5.html [2013.11.09 00:39:41 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung4.html [2013.11.09 00:36:41 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung3.html [2013.11.09 00:33:58 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung2.html [2013.11.09 00:30:55 | 000,001,384 | ---- | C] () -- C:\Users\****\Bildbestellung.html [2013.11.08 23:29:35 | 013,657,508 | ---- | C] () -- C:\Users\****\1.cpr [2013.03.13 23:20:45 | 000,005,120 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.23 16:16:44 | 000,000,438 | ---- | C] () -- C:\Users\****\AppData\Local\UserProducts.xml [2012.12.23 16:12:33 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2012.11.20 16:11:15 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 16:11:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.08 00:09:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.07 23:52:11 | 001,621,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.01 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon [2014.02.18 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Battle.net [2013.05.24 23:07:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\calibre [2014.03.27 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2012.11.20 16:08:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2013.01.28 21:34:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DMCache [2014.06.08 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox [2014.06.08 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DropboxMaster [2014.02.10 09:37:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2013.04.29 20:32:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc [2013.07.19 11:15:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Epson [2013.09.07 10:59:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fatshark [2013.07.19 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla [2013.02.15 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreshDiagnose [2014.06.08 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Geek Uninstaller [2013.06.15 10:52:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro [2012.11.07 23:37:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC [2012.11.07 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView [2013.01.08 21:49:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media [2014.01.27 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Might & Magic Heroes VI [2014.01.26 23:30:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer [2014.05.21 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++ [2012.11.08 01:07:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2014.05.29 14:48:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin [2013.10.17 20:42:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite [2013.04.24 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2012.11.07 23:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Temp [2012.11.07 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2013.12.22 22:39:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 4 [2014.06.02 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 5 [2013.04.07 17:11:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2013.04.11 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XBMC ========== Purity Check ========== < End of report > |
| Themen zu RegClean Pro Virus |
| autorun, battle.net, bho, bonjour, browser, continue, crystaldiskinfo, error, excel, fehler, flash player, google, homepage, iexplore.exe, install.exe, mozilla, msiexec.exe, preferences, realtek, registry, rundll, scan, security, senden, server, software, stick, svchost.exe, teamspeak, uplay, virus, windows |
Baum-Darstellung