Pests of all kinds and how to fight them: Windows 7 PC always freezes under the slightest load!
05.08.2014, 19:15 | #1 |
| Windows 7 PC always freezes under the slightest load! I have a desktop PC and have been struggling for 1 year with the fact that, after some time, it always just freezes and no longer responds to anything. Only a hard reboot helps. RAM 4GB, windows 7 32-Bit version, Intel(R) Pentium(R) 4CPU 3,20 GHZ 3,20GHZ processor, power supply 1000W, motherboard from MSI G41M-20 and additionally a graphics card 1 GB ATI Radeon HD 5400 Series, so not such a bad PC, yet terrible performance. Why is that? I hope I haven't forgotten anything. The file Ereignisse.txt in the attachment contains the log files from Avira. Thanks in advance. Last edited by Mohamed F. (05.08.2014 at 19:32) |
05.08.2014, 20:13 | #2 |
/// the machine /// TB Trainer | Windows 7 PC always freezes under the slightest load! Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. Here's how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
05.08.2014, 20:25 | #3 | |
| Windows 7 PC always freezes under the slightest load! Quote:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:46 on 05/08/2014 (Eman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Eman (administrator) on MOHAMED on 05-08-2014 18:54:09
Running from C:\Users\Eman\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Vimicro) C:\Windows\VM331_STI.exe
(PixArt Imaging Incorporation) C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files\SensorsViewPro42\svservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [Philips Intelligent Agent] => C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe [613792 2008-02-21] (Philips Consumer Electronics)
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [BitComet] => "C:\Program Files\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [b5b3ee2ed23a8038ea5de5e1871ca463] => .. [0 2014-08-05] ()
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Eman\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [PluginsWhiteListing] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Eman\AppData\Local\WhiteListing\PluginsWhiteListing.dll",DLLRunTBWhiteListPlugin <===== ATTENTION
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\Run: [APISupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Eman\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-404568197-402074635-1120106407-1000\...\MountPoints2: {f606a9d5-eba0-11e1-beb7-806e6f6e6963} - G:\Launch.exe
AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll => c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll File Not Found
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN12856823412143726&UM=2&ctid=CT3297265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://beta.arabic.arabia.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F83F136CB7FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-eg
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5V14633046330&ts=1370888042
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5V14633046330&ts=1370888042
SearchScopes: HKLM - DefaultScope {4966C1E6-CE62-484E-B049-7955B775D132} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5V14633046330&ts=4325445
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_uid=3406133035824709&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4966C1E6-CE62-484E-B049-7955B775D132} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN12856823412143726&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=116777&tt=161012_G1838_4212_7&babsrc=SP_ss&mntrId=5cde74720000000000008c89a5337eb1
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5V14633046330&ts=4325445
SearchScopes: HKCU - {4966C1E6-CE62-484E-B049-7955B775D132} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN12856823412143726&UM=2
SearchScopes: HKCU - {8A29BC7E-08EC-4148-88C9-5EB85386DA98} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=952E5A03-9B54-432F-87C0-96D4B1E22BF3&apn_sauid=86F8E646-36AB-4FF4-9F90-605D2C1F89E6
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/ipswdownloaderforwindows/{73490698-FB45-4F83-8B8F-F4B441955B4B}?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_uid=3406133035824709&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BitAccelerator -> {CAC42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\BitAccelerator\BitAccelerator.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN52628503715478287&UM=false&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\Extensions\staged [2014-06-05]
FF Extension: DVDVideoSoftTB DE - C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2014-06-05]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Eman\AppData\Roaming\Mozilla\Firefox\Profiles\gmdhcoag.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: BitAccelerator - C:\Program Files\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f} [2014-02-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-01]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-06]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN29234806212854425&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN29234806212854425&UM=2"
CHR Extension: (No Name) - C:\Users\Eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoahcaobjbihehldfimhblmhgalcipm [2013-06-24]
CHR Extension: (No Name) - C:\Users\Eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-23]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-04-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-23]
CHR HKLM\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Eman\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKLM\...\Chrome\Extension: [hphibigbodkkohoglgfkddblldpfohjl] - C:\Program Files\TorrentHandler\TorrentHandler.crx [2012-10-04]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-09]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader12.crx [2013-05-06]
CHR HKCU\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Eman\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Eman\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACPService; C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe [687104 2010-08-26] () [File not signed]
S2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-07-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1677648 2014-02-04] (LogMeIn Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-02-04] (LogMeIn, Inc.)
R2 SensorsVService; C:\Program Files\SensorsViewPro42\svservice.exe [935424 2011-12-02] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-04] (Avira Operations GmbH & Co. KG)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [574848 2010-06-10] (PixArt Imaging Incorporation)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 NTIOLib_1_0_5; C:\Program Files\MSI\OverclockingCenter\NTIOLib.sys [7680 2010-12-20] (MSI) [File not signed]
R1 sensorsview; C:\Program Files\SensorsViewPro42\drv\sensorsview32.sys [14416 2008-07-26] (OpenLibSys.org)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-09-04] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 18:54 - 2014-08-05 18:54 - 00025460 _____ () C:\Users\Eman\Desktop\FRST.txt
2014-08-05 18:53 - 2014-08-05 18:54 - 00000000 ____D () C:\FRST
2014-08-05 18:46 - 2014-08-05 18:46 - 00000700 _____ () C:\Users\Eman\Desktop\defogger_disable.log
2014-08-05 18:46 - 2014-08-05 18:46 - 00000176 _____ () C:\Users\Eman\defogger_reenable
2014-08-05 18:31 - 2014-08-05 18:31 - 00380416 _____ () C:\Users\Eman\Desktop\Gmer-19357.exe
2014-08-05 18:30 - 2014-08-05 18:30 - 01084928 _____ (Farbar) C:\Users\Eman\Desktop\FRST.exe
2014-08-05 18:30 - 2014-08-05 18:30 - 00050477 _____ () C:\Users\Eman\Desktop\Defogger.exe
2014-08-05 18:04 - 2014-08-05 18:49 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Eman.job
2014-08-05 18:04 - 2014-08-05 18:48 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Eman.job
2014-08-05 18:04 - 2014-08-05 18:48 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Eman.job
2014-07-26 22:25 - 2014-07-26 22:25 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 18:54 - 2014-08-05 18:54 - 00025460 _____ () C:\Users\Eman\Desktop\FRST.txt
2014-08-05 18:54 - 2014-08-05 18:53 - 00000000 ____D () C:\FRST
2014-08-05 18:53 - 2012-08-21 16:54 - 00798886 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 18:52 - 2012-08-21 16:47 - 02027231 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 18:49 - 2014-08-05 18:04 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Eman.job
2014-08-05 18:49 - 2012-11-22 16:36 - 00000000 ____D () C:\Users\Eman\Tracing
2014-08-05 18:49 - 2012-09-23 15:23 - 00000000 ____D () C:\Users\Eman\AppData\Roaming\Skype
2014-08-05 18:48 - 2014-08-05 18:04 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Eman.job
2014-08-05 18:48 - 2014-08-05 18:04 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Eman.job
2014-08-05 18:48 - 2014-06-05 14:33 - 00000000 ____D () C:\Users\Eman\AppData\Local\LogMeIn Hamachi
2014-08-05 18:48 - 2012-09-09 19:21 - 00000822 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 18:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 18:48 - 2009-07-14 06:39 - 00117459 _____ () C:\Windows\setupact.log
2014-08-05 18:46 - 2014-08-05 18:46 - 00000700 _____ () C:\Users\Eman\Desktop\defogger_disable.log
2014-08-05 18:46 - 2014-08-05 18:46 - 00000176 _____ () C:\Users\Eman\defogger_reenable
2014-08-05 18:46 - 2012-08-21 16:49 - 00000000 ____D () C:\Users\Eman
2014-08-05 18:34 - 2009-07-14 06:34 - 00017408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 18:34 - 2009-07-14 06:34 - 00017408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 18:33 - 2012-09-09 19:21 - 00000826 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 18:31 - 2014-08-05 18:31 - 00380416 _____ () C:\Users\Eman\Desktop\Gmer-19357.exe
2014-08-05 18:30 - 2014-08-05 18:30 - 01084928 _____ (Farbar) C:\Users\Eman\Desktop\FRST.exe
2014-08-05 18:30 - 2014-08-05 18:30 - 00050477 _____ () C:\Users\Eman\Desktop\Defogger.exe
2014-08-05 18:04 - 2012-08-21 21:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 22:25 - 2014-07-26 22:25 - 00000000 ____D () C:\Program Files\iPod
2014-07-26 22:25 - 2014-06-05 15:47 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-26 22:25 - 2014-02-01 21:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-26 22:25 - 2012-09-23 14:02 - 00000000 ____D () C:\Program Files\iTunes
2014-07-26 22:12 - 2013-05-06 13:39 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-26 22:12 - 2012-11-06 17:06 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-26 21:59 - 2012-08-21 21:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-26 21:59 - 2012-08-21 21:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-26 20:20 - 2012-09-04 01:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-26 20:04 - 2014-06-27 20:24 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-07-23 10:52 - 2012-08-21 19:19 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Eman\jagex_cl_oldschool_LIVE.dat
C:\Users\Eman\jagex_cl_runescape_LIVE.dat
C:\Users\Eman\jagex_cl_runescape_LIVE1.dat
C:\Users\Eman\random.dat

Some content of TEMP:
====================
C:\Users\Eman\AppData\Local\Temp\avgnt.exe
C:\Users\Eman\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Eman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-02-01 17:41 ==================== End Of Log ============================ --- --- --- ADDITION: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Eman at 2014-08-05 18:56:02
Running from C:\Users\Eman\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.)
Hidden AMD Catalyst Install Manager (HKLM\...\{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) avira_internet_security_en 2013 (HKLM\...\avira_internet_security_en 2013) (Version: 2013 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Czech (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) 
Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.) iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.1.2228.731 - ) IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version: - ) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group) LEGO MINDSTORMS NXT Driver (HKLM\...\{D30E4145-9120-4497-AD35-F78482C3CF88}) (Version: 1.17.770 - LEGO) LEGO MINDSTORMS NXT Migration Package (HKLM\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.109 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.109 - LogMeIn, Inc.) 
Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 
- Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden OverclockingCenter (HKLM\...\OverclockingCenter_is1) (Version: - MSI, Inc.) 
Philips CamSuite (HKLM\...\{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}) (Version: 2.0.15.0 - Philips) Philips Intelligent Agent (HKLM\...\Philips Intelligent Agent_is1) (Version: 2.2 - Philips) Philips SPZ2500, SPZ2000 WebCam (HKLM\...\{75F6C4E0-05CB-45D0-B22F-17130CFE8628}) (Version: 2.03.000 - Philips) Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden SensorsView Pro 4.2 (HKLM\...\SensorsView Pro 4.2) (Version: - STV Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - 
Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 
1.1.11 - VideoLAN) Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) You and Me 2 CD-ROM (HKLM\...\{72DFA8DB-B957-422A-AB23-1B975EE9E853}) (Version: 1.10.0000 - Langenscheidt - Longman) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404568197-402074635-1120106407-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

27-05-2014 16:43:30 Installed Java 7 Update 55
27-05-2014 17:27:44 Wiederherstellungspunkt
05-06-2014 12:42:58 Windows Update
05-06-2014 14:13:12 Windows Update
27-06-2014 14:32:55 Windows Update
27-06-2014 18:20:55 Windows Update
29-06-2014 15:46:05 Windows Update
26-07-2014 18:11:13 Windows Update
05-08-2014 16:15:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2013-04-15 21:32 - 00000975 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E1918B-6813-4B6D-97DD-995F081028C1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {1392FFF9-816E-4AE8-903B-12EA31087551} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-26] (Adobe Systems Incorporated)
Task: {29881A12-342B-425B-BB1F-4954ACB44430} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {3AB0E868-9BF6-4453-8B8D-9B94F2E31BA2} - System32\Tasks\RNUpgradeHelperResumePrompt_Eman => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-26] (RealNetworks, Inc.)
Task: {4788CB96-7D66-4BE9-82A2-9E4259F01D82} - System32\Tasks\ReclaimerUpdateFiles_Eman => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-26] (RealNetworks, Inc.)
Task: {4D7BC209-26DC-4357-B17E-9211E8CD0879} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {6AC5EB55-B4B9-4CA3-9CFC-52238067C310} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-404568197-402074635-1120106407-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {76385060-C434-4FD5-926B-53BF43217D68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {991F050E-1E5D-4AB9-A1DA-248C9268C95C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {9AF37174-AC06-42D4-A4BD-5E4EAA3051D5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-404568197-402074635-1120106407-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {9C8ADAB2-9B03-4A0C-89BF-42D3661F0F41} - System32\Tasks\RNUpgradeHelperLogonPrompt_Eman => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-26] (RealNetworks, Inc.)
Task: {A8979852-00CD-4263-9048-C5A315FDD975} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {B0E569FC-9AB3-4086-A9C6-528CB7E221DA} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => c:\program files\real\realplayer\Update\realsched.exe [2012-09-09] (RealNetworks, Inc.)
Task: {B3F18D7D-8DF7-4565-ABA5-E5F562056D50} - System32\Tasks\ReclaimerUpdateXML_Eman => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-26] (RealNetworks, Inc.)
Task: {DF407F9A-ADEC-4C62-8102-29DB7962916F} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {E0B3AB42-6596-475E-8133-65B02C98F072} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Eman.job => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Eman.job => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Eman.job => C:\Users\Eman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-26 15:53 - 2010-08-26 15:53 - 00687104 _____ () C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
2010-08-26 15:51 - 2010-08-26 15:51 - 00315904 _____ () C:\Program Files\Philips\CamSuite\2.0.15.0\Common.dll
2010-08-26 15:54 - 2010-08-26 15:54 - 00358400 _____ () C:\PROGRAM FILES\PHILIPS\CAMSUITE\2.0.15.0\Resources.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-10 21:32 - 2007-04-13 17:49 - 00101528 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2011-12-02 20:38 - 2011-12-02 20:38 - 00935424 _____ () C:\Program Files\SensorsViewPro42\svservice.exe
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-04-05 21:00 - 2012-04-05 21:00 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-05 18:32 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/26/2014 10:25:24 PM) (Source: MsiInstaller) (EventID: 11719) (User: MOHAMED) Description: Produkt: iTunes -- Fehler 1719. Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn Windows im abgesicherten Modus ausgeführt wird oder wenn der Windows Installer nicht korrekt installiert wurde. Setzen Sie sich mit dem Supportpersonal in Verbindung, um weitere Unterstützung zu erhalten. Error: (07/26/2014 10:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: dbc Start Time: 01cfa90324c289f5 Termination Time: 10 Application Path: C:\Program Files\Apple Software Update\SoftwareUpdate.exe Report Id: Error: (07/26/2014 08:46:10 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: ) Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=B4G7M ACID=? Detailed Error[?] Error: (07/26/2014 08:27:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DivXUpdate.exe, version: 1.0.6.88, time stamp: 0x511afc59 Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75 Exception code: 0xc0000005 Fault offset: 0x6d032505 Faulting process id: 0xd38 Faulting application start time: 0xDivXUpdate.exe0 Faulting application path: DivXUpdate.exe1 Faulting module path: DivXUpdate.exe2 Report Id: DivXUpdate.exe3 Error: (07/26/2014 08:12:37 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: ) Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=B4G7M ACID=? 
Detailed Error[?] Error: (06/29/2014 05:42:36 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Mohamed.local. AAAA FE80:0000:0000:0000:A5C3:7E9A:97B8:9EC8 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353 16 Mohamed.local. AAAA FE80:0000:0000:0000:0C3F:19BE:56C0:0688 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Mohamed.local. Addr 10.0.0.4 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353 16 Mohamed.local. AAAA FE80:0000:0000:0000:0C3F:19BE:56C0:0688 System errors: ============= Error: (08/05/2014 06:47:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Error: (07/26/2014 10:23:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Echtzeit-Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 
Error: (07/26/2014 10:22:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (07/26/2014 10:22:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (07/26/2014 08:44:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Avira Email Schutz service terminated with service-specific error %%1. Error: (07/26/2014 08:44:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Avira Browser-Schutz service terminated with service-specific error %%1. Error: (07/26/2014 08:42:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Avira Email Schutz service terminated with service-specific error %%1. Error: (07/26/2014 08:42:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Avira Browser-Schutz service terminated with service-specific error %%1. Error: (07/26/2014 08:41:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 08:35:04 م on 26/07/2014 was unexpected. Error: (07/26/2014 08:05:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Avira Email Schutz service terminated with service-specific error %%1. Microsoft Office Sessions: ========================= Error: (07/26/2014 10:25:24 PM) (Source: MsiInstaller) (EventID: 11719) (User: MOHAMED) Description: Produkt: iTunes -- Fehler 1719. Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn Windows im abgesicherten Modus ausgeführt wird oder wenn der Windows Installer nicht korrekt installiert wurde. 
Setzen Sie sich mit dem Supportpersonal in Verbindung, um weitere Unterstützung zu erhalten.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/26/2014 10:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SoftwareUpdate.exe2.1.3.127dbc01cfa90324c289f510C:\Program Files\Apple Software Update\SoftwareUpdate.exe Error: (07/26/2014 08:46:10 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: ) Description: 0xC004F050B4G7M?? Error: (07/26/2014 08:27:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DivXUpdate.exe1.0.6.88511afc59netprofm.dll_unloaded0.0.0.04a5bda75c00000056d032505d3801cfa8fc711de408C:\Program Files\DivX\DivX Update\DivXUpdate.exenetprofm.dll8db29cfa-14f2-11e4-b6fa-8c89a5337eb1 Error: (07/26/2014 08:12:37 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: ) Description: 0xC004F050B4G7M?? Error: (06/29/2014 05:42:36 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Mohamed.local. AAAA FE80:0000:0000:0000:A5C3:7E9A:97B8:9EC8 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353 16 Mohamed.local. AAAA FE80:0000:0000:0000:0C3F:19BE:56C0:0688 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Mohamed.local. Addr 10.0.0.4 Error: (06/27/2014 07:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353 16 Mohamed.local. 
AAAA FE80:0000:0000:0000:0C3F:19BE:56C0:0688 ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 3327.24 MB Available physical RAM: 2082.04 MB Total Pagefile: 6652.77 MB Available Pagefile: 5013.98 MB Total Virtual: 2047.88 MB Available Virtual: 1901.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:63.44 GB) (Free:11.16 GB) NTFS Drive d: (DRV1_VOL2) (Fixed) (Total:122.73 GB) (Free:97.2 GB) NTFS Drive e: (DRV1_VOL3) (Fixed) (Total:139.69 GB) (Free:87.98 GB) NTFS Drive f: (DRV1_VOL4) (Fixed) (Total:139.8 GB) (Free:77.23 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-05 19:56:13
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 rev. 0,00MB
Running: Gmer-19357.exe; Driver: C:\Users\Eman\AppData\Local\Temp\awldypow.sys

---- System - GMER 2.1 ----
SSDT 95A537DE ZwCreateSection
SSDT 95A537B6 ZwCreateSymbolicLinkObject
SSDT 95A537BB ZwLoadDriver
SSDT 95A537B1 ZwOpenSection
SSDT 95A537E8 ZwRequestWaitReplyPort
SSDT 95A537E3 ZwSetContextThread
SSDT 95A537ED ZwSetSecurityObject
SSDT 95A537C0 ZwSetSystemInformation
SSDT 95A537F2 ZwSystemDebugControl
SSDT 95A5377F ZwTerminateProcess
SSDT 95A5377A ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83091A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CB212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830D258C 4 Bytes [DE, 37, A5, 95] {FIDIV WORD [EDI]; MOVSD ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 830D2594 4 Bytes [B6, 37, A5, 95] {MOV DH, 0x37; MOVSD ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 830D26A8 4 Bytes [BB, 37, A5, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 830D2744 4 Bytes [B1, 37, A5, 95] {MOV CL, 0x37; MOVSD ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830D28E8 4 Bytes [E8, 37, A5, 95]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92603000, 0x3DBAA0, 0xE8000020]

---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x05 0x8F 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xCB 0x98 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0xC9 0xCE 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x05 0x8F 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xCB 0x98 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0xC9 0xCE 0xA8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C68348A-E0FB-FD0C-06DD-64464303D4EA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C68348A-E0FB-FD0C-06DD-64464303D4EA}@halhaajpchnljjck 0x6B 0x61 0x6F 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C68348A-E0FB-FD0C-06DD-64464303D4EA}@iabnboohfbnbnefjlp 0x6A 0x61 0x6E 0x68 ...

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----

Code:
ATTFilter
Exportierte Ereignisse:
05.08.2014 19:57 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
05.08.2014 19:57 [Echtzeit-Scanner] Echtzeit-Scanner aktiviert Echtzeit-Scanner wurde aktiviert.
05.08.2014 19:12 [Echtzeit-Scanner] Echtzeit-Scanner deaktiviert Echtzeit-Scanner wurde deaktiviert.
05.08.2014 19:12 [ProActiv] ProActiv deaktiviert ProActiv wurde deaktiviert.
05.08.2014 18:49 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
05.08.2014 18:49 [Browser-Schutz] Lizenzfehler Der Dienst erkannte eine ungültige Lizenz.
05.08.2014 18:49 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
05.08.2014 18:49 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.5.320 Engine Version: VDF Version:
05.08.2014 18:49 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.5.396 Engine Version: 8.3.22.12 VDF Version: 8.11.164.30
05.08.2014 18:49 [Hilfsdienst] Lizenzfehler Lizenzfehler
05.08.2014 18:48 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.5.320
05.08.2014 18:47 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
05.08.2014 18:47 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt.
05.08.2014 18:43 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50bdae14.qua' verschoben!
05.08.2014 18:43 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX (1).exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '482a81b3.qua' verschoben!
05.08.2014 18:43 [System-Scanner] Suche Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 886 Anzahl Verzeichnisse: 0 Anzahl Malware: 2 Anzahl Warnungen: 0
05.08.2014 18:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX (1).exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
05.08.2014 18:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
05.08.2014 18:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX (1).exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
05.08.2014 18:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Eman\Downloads\Castle Crashers PSN PS3 DUPLEX.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.324119.29' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
05.08.2014 18:11 [System-Scanner] Suche Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 2639 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0
05.08.2014 18:10 [Updater] Update nicht ausgeführt Das Update von Computer MOHAMED (10.0.0.3) von "hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen.
05.08.2014 18:09 [Planer] Auftrag gestartet Auftrag "Schnelle Systemprüfung" wurde erfolgreich gestartet.
05.08.2014 18:09 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet.
05.08.2014 18:05 [Browser-Schutz] Lizenzfehler Der Dienst erkannte eine ungültige Lizenz.
05.08.2014 18:05 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
05.08.2014 18:05 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet.
Dienst Version: 14.0.5.320 Engine Version: VDF Version:
05.08.2014 18:05 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.5.396 Engine Version: 8.3.22.12 VDF Version: 8.11.164.30
05.08.2014 18:05 [Hilfsdienst] Lizenzfehler Lizenzfehler
05.08.2014 18:04 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.5.320
26.07.2014 22:25 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 22:25 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 22:24 [Updater] Update erfolgreich durchgeführt Update von Avira Internet Security auf Computer MOHAMED (10.0.0.3) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://2.20.182.215/update" aktualisiert:
26.07.2014 22:24 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.5.320
26.07.2014 22:24 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
26.07.2014 22:24 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
26.07.2014 22:24 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.4.620 Engine Version: VDF Version:
26.07.2014 22:24 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.5.396 Engine Version: 8.3.22.12 VDF Version: 8.11.157.100
26.07.2014 22:24 [Hilfsdienst] Lizenzfehler Lizenzfehler
26.07.2014 22:23 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 22:16 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 22:10 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet.
26.07.2014 20:44 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
26.07.2014 20:44 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
26.07.2014 20:44 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.4.620 Engine Version: VDF Version:
26.07.2014 20:43 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.4.620
26.07.2014 20:43 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 20:43 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
26.07.2014 20:42 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
26.07.2014 20:42 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
26.07.2014 20:42 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.4.620 Engine Version: VDF Version:
26.07.2014 20:42 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.4.620
26.07.2014 20:17 [System-Scanner] Suche Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 2676 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0
26.07.2014 20:14 [Updater] Update nicht ausgeführt Das Update von Computer MOHAMED (25.128.231.172) von "hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen.
26.07.2014 20:10 [Planer] Auftrag gestartet Auftrag "Schnelle Systemprüfung" wurde erfolgreich gestartet.
26.07.2014 20:10 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet.
26.07.2014 20:05 [ProActiv] ProActiv aktiviert ProActiv wurde aktiviert.
26.07.2014 20:05 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler
26.07.2014 20:05 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 14.0.4.620 Engine Version: VDF Version:
26.07.2014 20:05 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 14.0.4.620 |
06.08.2014, 15:25 | #4 | |
/// the machine /// TB trainer | Windows 7 PC always freezes under the slightest load! Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.08.2014, 15:37 | #5 |
| Windows 7 PC always freezes under the slightest load! From my school. They sell us the Windows versions at a lower price because we are still students. Under Computer --> Properties the star is there too. |
07.08.2014, 09:47 | #6 |
/// the machine /// TB trainer | Windows 7 PC always freezes under the slightest load! And who then built in the crack for the activation? |
07.08.2014, 10:52 | #7 |
| Windows 7 PC always freezes under the slightest load! So this is not an original version of Windows? :-O I thought they don't sell cracked versions.. |
07.08.2014, 17:05 | #8 | |
/// the machine /// TB trainer | Windows 7 PC always freezes under the slightest load! Quote:
__________________ Regards, schrauber |