|
Plagegeister aller Art und deren Bekämpfung: Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne abWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.01.2015, 14:57 | #1 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Hallo, Ich habe seit gestern das Problem das mein PC erheblich langsamer geworden ist. Und plötzlich unbekannte Töne abgespielt hat. Als ich im Lautstärkemixer die Quelle der Töne finden wollte wurden mir dort nur 2 unbekannte Programme (Name unbekannt) angezeigt. Als ich dann im Task Manager geguckt habe was für Prozesse laufen viel mir auf das die compatibilitycheck.exe 10 mal geöffnet war. Ich hatte gestern leider keine Zeit mehr mich weiter mit dem Problem zubeschäftigen also habe ich den PC herruntergefahren. Als ich ihn eben wieder gestartet habe hatte er das exakte Problem wieder. Zurzeit lasse ich Kaspersky 2014 den gesamten PC untersuchen. Und ein OTL Scan habe ich auch schon gemacht. (Ich hoffe das war richtig). Das Problem klingt ähnlich wie das gestern hier http://www.trojaner-board.de/162729-...ml#post1408958 Ist aber glaube ich nicht ganz das selbe Wegen der Töne. Zum System: Win7 64Bit Sp1 Kapersky I-Net Security 2014 |
14.01.2015, 15:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
14.01.2015, 15:32 | #3 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Hallo Cosinus,
__________________Kapersky hat vor ca 1Woche das Ausführen 2er Programme verhindert, wie die hießen weiß ich aber leider nicht mehr. Andere Virensysteme habe ich auch Nicht. Hier das OTL Log Code:
ATTFilter OTL logfile created on: 14.01.2015 14:20:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bjarne\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 36,20% Memory free 15,96 Gb Paging File | 10,87 Gb Available in Paging File | 68,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 443,23 Gb Total Space | 74,15 Gb Free Space | 16,73% Space Free | Partition Type: NTFS Drive D: | 219,73 Gb Total Space | 45,16 Gb Free Space | 20,55% Space Free | Partition Type: NTFS Drive E: | 268,55 Gb Total Space | 49,03 Gb Free Space | 18,26% Space Free | Partition Type: NTFS Drive F: | 1,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BJARNE-PC | User Name: Bjarne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.01.14 14:16:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bjarne\Downloads\OTL.exe PRC - [2015.01.08 21:51:16 | 051,252,392 | ---- | M] () -- C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe PRC - [2015.01.08 20:58:06 | 000,087,208 | ---- | M] () -- C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe PRC - [2014.12.27 11:24:47 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe PRC - [2014.12.26 15:45:21 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2014.12.26 14:25:07 | 001,005,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe PRC - [2014.12.10 18:04:08 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014.12.09 04:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014.12.08 07:27:27 | 006,277,952 | ---- | M] () -- C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe PRC - [2014.12.03 19:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014.11.17 21:04:08 | 002,465,088 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014.11.17 21:04:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2014.11.12 21:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2014.07.14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2014.07.14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe PRC - [2014.06.23 17:50:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2014.03.04 10:19:48 | 002,630,928 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe PRC - [2013.12.17 01:00:00 | 000,933,888 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe PRC - [2013.10.17 15:47:28 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe PRC - [2013.04.26 16:15:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012.12.21 16:39:25 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2010.11.21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2015.01.14 12:39:49 | 000,043,008 | ---- | M] () -- c:\users\bjarne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpncqvry.dll MOD - [2014.12.27 11:24:47 | 016,843,952 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll MOD - [2014.12.26 15:45:21 | 003,339,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2014.12.26 15:45:21 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2014.12.26 15:45:21 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2014.12.10 18:04:07 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014.12.08 07:27:27 | 006,277,952 | ---- | M] () -- C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe MOD - [2014.10.22 01:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libGLESv2.dll MOD - [2014.10.22 01:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libEGL.dll MOD - [2014.10.22 01:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll MOD - [2014.10.22 01:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll MOD - [2014.10.15 15:11:20 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll MOD - [2014.10.15 15:10:35 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll MOD - [2014.10.15 15:09:54 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll MOD - [2014.10.15 14:16:54 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll MOD - [2014.10.15 14:16:43 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll MOD - [2014.10.15 14:16:35 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll MOD - [2014.10.15 14:16:32 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll MOD - [2014.10.15 14:16:26 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll MOD - [2014.10.15 14:16:23 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll MOD - [2014.10.15 14:16:20 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll MOD - [2014.10.15 14:16:18 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll MOD - [2014.10.15 14:16:16 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll MOD - [2014.03.17 18:31:44 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll MOD - [2014.03.02 21:24:16 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll MOD - [2013.06.17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll MOD - [2013.04.26 16:15:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.05.09 20:23:45 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\003\xmkysecqun64.exe -- (xmkysecqun64) SRV - [2015.01.14 13:43:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015.01.08 20:58:06 | 000,087,208 | ---- | M] () [Auto | Running] -- C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe -- (Verifies and fixes application compatibility issues) SRV - [2014.12.11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.12.10 18:04:07 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014.12.03 19:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.11.18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014.11.17 21:04:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2014.11.17 21:04:03 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV - [2014.11.17 21:04:02 | 019,821,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV - [2014.11.12 21:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2014.07.14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2014.07.14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2014.06.26 17:25:58 | 001,771,560 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\ws.exe -- (PDF Architect 2) SRV - [2014.06.26 17:25:58 | 000,861,736 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe -- (pdfforge CrashHandler) SRV - [2014.06.25 18:58:02 | 000,172,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe -- (SupraSavingsService64) SRV - [2014.06.23 17:50:11 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014.01.26 16:31:57 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.10.17 15:47:28 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP) SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.11.17 23:18:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2014.10.03 20:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2014.03.27 01:00:00 | 001,327,744 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb6.sys -- (fwlanusb6) DRV:64bit: - [2014.03.21 15:08:52 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2014.03.21 15:08:51 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:64bit: - [2014.03.14 15:39:03 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2014.02.17 17:05:28 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2013.12.18 17:46:45 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2013.12.17 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2013.12.08 15:31:33 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2013.10.17 15:47:26 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013.10.17 15:47:24 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013.05.14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.04.12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:64bit: - [2012.12.31 19:00:09 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.12.31 19:00:09 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.04.12 17:12:56 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.21 17:46:18 | 000,396,776 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2012.02.21 17:46:18 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.17 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2014.11.17 21:04:02 | 000,020,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2001.08.25 15:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 2F BB 4B 90 0E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=060612_5_&babsrc=SP_ss&mntrId=dc210453000000000000c86000592361 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.178.1;192.168.178.254;169.254.1.1;fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.startup.homepage: "www.facebook.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.12.12 22:26:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014.12.26 14:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.12.26 14:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014.12.26 14:28:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014.12.26 14:28:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014.12.26 14:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.12.10 18:04:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.12.26 15:45:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.12.10 18:04:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.12.26 15:45:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.08 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Extensions [2015.01.07 20:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Firefox\Profiles\asd29d3u.default\extensions [2014.11.14 16:15:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Bjarne\AppData\Roaming\mozilla\firefox\profiles\asd29d3u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014.12.10 18:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.12.10 18:04:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015.01.14 13:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions [2015.01.14 13:49:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found. O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (YrJie New Games) - {A86EFAD9-8377-476D-9192-CF440B6F88EC} - C:\Program Files (x86)\IeAdsBlocker.dll (YrJie Games) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Amazon Music] C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe () O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - Startup: C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3639389-D1FF-445D-B883-CAFD0C06C274}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2015.01.07 17:25:57 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ] O32 - AutoRun File - [2013.08.12 16:49:10 | 003,833,856 | R--- | M] () - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2012.09.30 20:24:48 | 000,000,066 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1cc5856f-7a7e-11e1-af83-c86000592361}\Shell - "" = AutoRun O33 - MountPoints2\{1cc5856f-7a7e-11e1-af83-c86000592361}\Shell\AutoRun\command - "" = G:\Bin\ASSETUP.exe O33 - MountPoints2\{a6fad6c1-20fe-11e1-9155-001e900652a7}\Shell - "" = AutoRun O33 - MountPoints2\{a6fad6c1-20fe-11e1-9155-001e900652a7}\Shell\AutoRun\command - "" = L:\pushinst.exe O33 - MountPoints2\{c5d34aed-7713-11e4-9471-c86000592361}\Shell - "" = AutoRun O33 - MountPoints2\{c5d34aed-7713-11e4-9471-c86000592361}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{e1ad8f4a-20fd-11e1-8423-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e1ad8f4a-20fd-11e1-8423-806e6f6e6963}\Shell\AutoRun\command - "" = F:\install.EXE id= ver=1.0.0.0 O33 - MountPoints2\{e213bd02-a0be-11e1-bcee-001c4af5a483}\Shell - "" = AutoRun O33 - MountPoints2\{e213bd02-a0be-11e1-bcee-001c4af5a483}\Shell\AutoRun\command - "" = G:\0data\cbs.exe O33 - MountPoints2\{f651f7cf-4b80-11e2-a3e3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f651f7cf-4b80-11e2-a3e3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2013.08.12 16:49:10 | 003,833,856 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.01.11 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Compatibility Verifier [2015.01.09 19:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2014.12.28 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\WB Games [2014.12.26 15:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2014.12.24 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Runic Games [2014.12.24 20:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II [2014.12.24 20:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games [2014.12.24 16:57:46 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music [2014.12.24 16:57:44 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Amazon Music [2014.12.23 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2014.12.20 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\NVIDIA Corporation [2014.12.20 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\NVIDIA [2014.12.20 18:07:09 | 002,800,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll [2014.12.20 18:07:09 | 002,197,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll [2014.12.20 18:07:09 | 001,715,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll [2014.12.20 18:07:09 | 001,291,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll [2014.12.20 18:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2014.12.20 18:06:20 | 000,615,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2014.12.20 18:03:50 | 001,538,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2014.12.20 18:03:50 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2014.12.20 18:03:50 | 000,038,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys [2014.12.20 18:03:50 | 000,035,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll [2014.12.20 18:03:50 | 000,032,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll [2014.12.20 18:03:50 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2014.12.20 18:03:49 | 031,893,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2014.12.20 18:03:49 | 024,557,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2014.12.20 18:03:49 | 020,922,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2014.12.20 18:03:49 | 019,966,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2014.12.20 18:03:49 | 017,259,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2014.12.20 18:03:49 | 014,032,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2014.12.20 18:03:49 | 013,944,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2014.12.20 18:03:49 | 011,397,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2014.12.20 18:03:49 | 011,336,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2014.12.20 18:03:49 | 004,292,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2014.12.20 18:03:49 | 004,011,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2014.12.20 18:03:49 | 002,874,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2014.12.20 18:03:49 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434475.dll [2014.12.20 18:03:49 | 001,540,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434475.dll [2014.12.20 18:03:49 | 000,964,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2014.12.20 18:03:49 | 000,935,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2014.12.20 18:03:49 | 000,923,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2014.12.20 18:03:49 | 000,900,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2014.12.20 18:03:49 | 000,871,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2014.12.20 18:03:49 | 000,500,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2014.12.20 18:03:49 | 000,418,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2014.12.20 18:03:49 | 000,393,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll [2014.12.20 18:03:49 | 000,352,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll [2014.12.20 18:03:49 | 000,348,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll [2014.12.20 18:03:49 | 000,303,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll [2014.12.20 18:03:49 | 000,174,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2014.12.20 18:03:49 | 000,156,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2014.12.19 16:27:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014.12.19 16:27:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014.12.17 18:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.18 17:54:06 | 000,085,504 | -H-- | C] (YrJie Games) -- C:\Program Files (x86)\IeAdsBlocker.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.01.14 14:43:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.01.14 14:16:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.01.14 14:04:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\O7LGt3.dat [2015.01.14 13:43:32 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015.01.14 13:43:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2015.01.14 12:59:59 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.01.14 12:59:58 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.01.14 12:42:14 | 000,000,353 | ---- | M] () -- C:\Windows\lgfwup.ini [2015.01.14 12:39:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.01.14 12:39:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.01.14 12:39:09 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys [2015.01.11 13:02:54 | 002,930,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015.01.11 13:02:53 | 008,459,434 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2015.01.11 13:02:53 | 002,567,938 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2015.01.11 13:02:53 | 002,296,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015.01.11 13:02:53 | 000,006,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.12.24 20:58:49 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk [2014.12.24 16:58:04 | 000,001,208 | ---- | M] () -- C:\Users\Bjarne\Desktop\Amazon Music.lnk [2014.12.20 18:53:53 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2014.12.20 18:53:36 | 000,033,165 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2014.12.20 18:10:07 | 000,001,364 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2014.12.17 17:21:44 | 000,001,155 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.12.17 17:21:12 | 000,001,037 | ---- | M] () -- C:\Users\Bjarne\Desktop\Dropbox.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.01.14 12:45:46 | 000,000,112 | ---- | C] () -- C:\ProgramData\O7LGt3.dat [2014.12.24 20:58:49 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk [2014.12.24 16:58:04 | 000,001,208 | ---- | C] () -- C:\Users\Bjarne\Desktop\Amazon Music.lnk [2014.12.20 18:10:07 | 000,001,364 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2014.12.17 17:21:44 | 000,001,155 | ---- | C] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.08.27 16:38:04 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2013.08.03 17:54:53 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2013.08.03 17:54:53 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012.07.22 18:34:52 | 000,007,885 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\Temp7.html [2012.07.22 18:34:38 | 000,001,667 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\Temp1.html [2012.02.09 15:46:49 | 000,011,776 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.28 20:51:52 | 000,007,601 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\Resmon.ResmonCfg [2012.01.19 20:56:15 | 000,000,488 | ---- | C] () -- C:\Users\Bjarne\.swfinfo [2012.01.19 17:25:13 | 171,823,104 | ---- | C] () -- C:\Users\Bjarne\20120119_Arte+7-Die_mächtigste_Bombe_der_Welt.mp4 [2012.01.17 11:39:26 | 000,000,042 | ---- | C] () -- C:\Users\Bjarne\AppData\Roaming\TheHunterSettings_live.cfg [2012.01.15 16:53:39 | 000,000,680 | RHS- | C] () -- C:\Users\Bjarne\ntuser.pol [2011.12.22 11:06:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.07 19:41:22 | 000,017,408 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\WebpageIcons.db [2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Bjarne\AppData\Roaming\MafiaSetup.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2015.01.14 14:42:58 | 000,704,512 | ---- | M] ()(C:\Windows\SysWow64\????????????????????????????????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤 [2015.01.14 14:24:48 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\????????????????????????????????-journal) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤-journal [2015.01.14 14:19:15 | 000,065,536 | ---- | C] ()(C:\Windows\SysWow64\????????????????????????????????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤 ========== Alternate Data Streams ========== @Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Bjarne\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Bjarne\Desktop\desktop.ini:gs5sys < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.01.2015 14:20:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bjarne\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 36,20% Memory free 15,96 Gb Paging File | 10,87 Gb Available in Paging File | 68,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 443,23 Gb Total Space | 74,15 Gb Free Space | 16,73% Space Free | Partition Type: NTFS Drive D: | 219,73 Gb Total Space | 45,16 Gb Free Space | 20,55% Space Free | Partition Type: NTFS Drive E: | 268,55 Gb Total Space | 49,03 Gb Free Space | 18,26% Space Free | Partition Type: NTFS Drive F: | 1,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BJARNE-PC | User Name: Bjarne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053949AE-695B-496A-807C-86444404CC4F}" = rport=139 | protocol=6 | dir=out | app=system | "{0E7B8A43-F336-4565-B964-B6A5C183C080}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E54F474-FB1C-4717-8424-391C807E927B}" = rport=445 | protocol=6 | dir=out | app=system | "{206E06BB-1392-4EC5-988C-22A1686BE77A}" = lport=445 | protocol=6 | dir=in | app=system | "{31A44876-0DF6-4512-B2DB-5902E1D00D9F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C3E8FF6-788B-487C-9EA6-26D0E8D6C106}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3F0425DC-6CBB-4D04-B1E8-9BC60FD8F6CD}" = rport=10243 | protocol=6 | dir=out | app=system | "{5F12B6C7-788D-4441-97B6-6B2CF3CC2DD5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{5F2D9B28-28E4-4D7D-A0BA-02C89CCAFE35}" = lport=2869 | protocol=6 | dir=in | app=system | "{708FFDEB-C2B3-48DD-8835-BD254F6875C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7132561C-C4E5-40F2-AAE6-6A42F1F8D4CA}" = rport=137 | protocol=17 | dir=out | app=system | "{742479CE-9386-40F8-97CE-D2CA275CF415}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8357E854-F093-4E9F-AD08-BE16310F662A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89F597F6-903B-479B-BE2A-97C9737AF821}" = lport=137 | protocol=17 | dir=in | app=system | "{8DB6FBF5-A03B-46A3-A57D-354313022B64}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{90307CB0-B4A7-4E22-9347-743F61764B32}" = lport=138 | protocol=17 | dir=in | app=system | "{91D95D76-DE01-4A32-A7A6-423649150BB8}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{995E44B0-FDD1-4B7D-90FB-8399F873E517}" = lport=139 | protocol=6 | dir=in | app=system | "{A267D70C-FF61-4BF8-920B-7C40F06D4BF2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A4B4C47E-A077-4F29-92EF-7536BAFD4EFF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{B2745ED0-62A5-48F0-A149-28482C8E2E49}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{C7EBCCE1-F694-4305-83BB-9D55E1D35F7B}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{D0D87AC8-249C-4090-BC9A-D22BA8572543}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D494B189-9E14-4467-9C6A-9F5B3B10C6AE}" = rport=138 | protocol=17 | dir=out | app=system | "{E63475EB-3C59-4AEF-9D6B-7ACEC1D1CEE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E998C4A4-45B3-48AF-8975-D81DA5E799FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EAE15C77-F26C-4AB6-B852-34E6869E5EA2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F60EE7F9-22E9-4A99-A375-579E8B5253E0}" = lport=10243 | protocol=6 | dir=in | app=system | "{FC2A32D7-1126-4A7E-BFB9-103071B993C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CEDF39-4E54-4543-BEE8-A78E8133F8BE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{02BC5B46-4A4E-47ED-873F-F8F5E1C82A60}" = protocol=6 | dir=in | app=c:\users\bjarne\appdata\roaming\dropbox\bin\dropbox.exe | "{05CC9E5A-238A-4CDC-B942-C00E110CDA7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\addon.exe | "{065C6231-668A-4BFE-A611-A26822672B50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | "{07464163-9A84-44B9-AF87-F33CDD9B2396}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | "{084AB94E-DCED-4A1B-848A-FA4098908AB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{09ADBD79-F8B6-4B58-AF93-295A8440E436}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{0F31E555-CC0F-4040-A0F9-C2267E0BAF66}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | "{10B48F29-C7AE-4F58-AE28-47B19EB67EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{10EE752D-A606-49B6-B4AE-836BE2FA7C31}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{12C2E019-9274-48B6-9BB3-C236AC023420}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\addonweb.exe | "{12FDE3B8-30D9-45BB-A818-5DDE3EC03AC1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\benchmark.exe | "{16A49BD0-94BE-47D2-AE9D-1D8C348E753D}" = protocol=6 | dir=out | app=system | "{19D0AD63-8E4B-42C3-9CC8-3648460DB8F1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1AFFCF62-361F-4C6E-9750-6CC205A48A4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1D241EEF-E9C2-4AE5-A865-7C48A31D2437}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{204C50D0-0483-413C-849C-4569DC7D205F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | "{207FE9D5-E2DD-4DF0-89EC-1322ABBF9F53}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\addonweb.exe | "{25417534-A882-41D4-BE6C-206404780D0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25CD355D-FECA-4ACC-95AE-E14C90843DE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{29360E28-6E65-454B-9FE9-5EC6DA614C13}" = protocol=6 | dir=in | app=c:\users\bjarne\appdata\roaming\dropbox\bin\dropbox.exe | "{29F3C2E6-2ABC-452E-88D5-C95B7B9D7E16}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2ACE5346-9E0B-409F-8AA3-5FDCCD307763}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2ECC5584-5E77-4E14-9216-075580CCF453}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{305C1D2D-9CE2-4188-974F-0B4AF98CDB87}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{305DFFFA-26F7-4007-8FF2-6C5BD87A8FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{31C0B1A7-A3E8-436E-B28C-86C408D6340B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{325A0E69-9F93-4627-8592-5233A1F14C0C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3677D367-BE59-4E19-80F6-00A7BCB474AF}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{39518E37-AA79-4C28-AA9C-6843B0673250}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3DD011FB-9333-4E13-BAC9-CB5198C93001}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | "{3F781929-7CC4-41AA-9A4D-ED20F1456869}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\anno4.exe | "{40D63766-344D-4852-9DDF-891C3B7A8455}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{4124A3C3-E372-49E0-A1B4-948566FDD5B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4144FE0C-B1C8-4148-BCE3-EC55904105C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49B00327-BC35-4243-8101-7F21D7F5042F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{4EE2742A-E594-4C4C-ABEB-8640DFCD35BD}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{50C61BE2-3527-4AD4-825E-CA19A32198EE}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{51F5AD88-9604-4E5D-91D4-02195A3CBC63}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{55A1C2DD-31C3-4BA5-BD3B-60DB9AE0970B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{5DFB78E4-23AC-4EAB-8F5B-C7B36A14B2B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5E979149-7C05-4EF0-884A-281C386C5485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | "{5F26C645-31A4-4F46-8288-A4542AD45119}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | "{5F523D42-D210-4CAE-95AB-EF5F31AB4AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{60510466-4ACC-421F-B1E9-119D0825D5D8}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{60A4B0C1-BE93-414B-AC4A-FF22D6C2C08B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6112BD81-7E80-4D5C-AE26-7D7C98A98808}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{623DD42E-61D4-4E05-9533-47C3D904B8BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{626C9BB3-169D-4930-B5E0-1DB022F268AB}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe | "{677945D4-0C02-41C6-AEF0-97C7359B7EA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{68DF0B40-1482-4136-8811-1EA90338E3F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{69D650D6-6C30-425C-81A8-A2D3445459A2}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe | "{6AD5C19B-128C-4692-A2F6-E43669599A7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | "{6B44A2D7-DCF7-4996-816B-7EC683E38892}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{6BDA1C57-B9C0-42DB-8840-55425AD2ECDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{6CBE1ED7-6044-4EB8-B039-F10D27153F8D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6DCE779C-5F6F-4FB7-A54B-B2381F80305D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{72D85397-8D78-41D0-9946-CFC78F896D50}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\anno4web.exe | "{73A4762B-FB89-41B2-AC67-7BAEA76511EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{77ABAA61-F029-44EF-93A9-FA4A1D6BB58D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "{7B08AC01-3FEE-49DD-84D4-063CE20FB7F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D035BC9-604E-4245-A814-395A85353A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\anno4.exe | "{7D5FE349-B246-4140-8716-DAD51D74CBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7DB14141-A01C-42DB-99D9-47F3DAB7D39B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{82D46663-A267-4962-8302-CD1CC0F45B5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{866AB617-6EA2-4559-84D0-048751424D0B}" = protocol=17 | dir=in | app=c:\users\bjarne\appdata\roaming\dropbox\bin\dropbox.exe | "{8688CBEB-ABF2-4659-8F2C-A8A5734AA2CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | "{8A89AD7C-79C5-47C1-8111-85B2521B4E95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | "{8B3D4CE9-7A2B-46ED-99F5-89F2C32E4905}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | "{8EEB0248-0257-448D-B3BA-42B2F434066B}" = protocol=17 | dir=in | app=c:\users\bjarne\appdata\roaming\dropbox\bin\dropbox.exe | "{918586EA-40B5-4D26-82B7-2B590687F383}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | "{93B1E5A6-9541-44EC-9137-DACE36C1EFBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{93CD4F09-9207-48CC-B20B-D6B43EEB8219}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{950FB7B2-1B83-4FF5-A5C0-05AAC2623505}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{970E02C5-80DE-4C7C-8AAC-F6635B3F8642}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | "{978320F9-ADB0-4928-B13F-ACF6F91FA9EA}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe | "{9A5AEE00-A8DA-45D6-9065-C0B0BE3BA437}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | "{9AD281CD-2E87-4E30-BC7C-410A3B561422}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9AE0CB4E-F439-4BE3-AEA5-F15567312BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9B585F6F-1601-4DF7-85A6-5944E8A61DED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{9CBBC62F-BFB8-4CE1-AAD0-092A2F5939F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CCD2F40-E7E1-4122-9B08-462CA8671704}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9D72691D-5202-4FE4-8735-3B5FEA7E1EF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9DF1E7F4-DDC2-418B-8B82-05EEF48BE938}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9E9C6D0C-2C61-418B-9D20-3B53EB17BC6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | "{9EA6FFB7-75CD-435B-BE61-4A351ADF5794}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nosgoth\binaries\win32\nosgoth.exe | "{9EE305B9-913D-4D19-BB79-4CDAEB69F77B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A0BBFDE1-5FE5-41FE-B381-7851B922497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | "{A2233A35-2295-441A-9E17-37C095AF9D52}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A6325BA0-EE21-437E-9E67-0A6BBAED4266}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A65F66F5-6111-454B-8E86-745B004AC861}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anachronox\anox.exe | "{A7B21111-0C62-4A19-AD55-D124FCEE32C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{AB327773-F6E4-4ECC-94CD-9CF457F171BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AB3F3DC2-62D7-4945-8DFA-040A1C8B521A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{AC4EDB1E-3D82-4453-BB32-C929AA82C0FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{AD67F8C9-54EE-4688-8426-9553FA6CBD61}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{AEAD4369-18DD-4066-B336-B2E9D6E97B39}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{AF3E7779-8460-4C2E-8D58-AA874673A925}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B5353C22-B46F-4D60-80E3-82C431B82D5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{B5F7A8C9-13A2-424D-88B0-67D6204A092E}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{B7947288-B220-4953-AAFE-05613E9267B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B7DC1222-C6B2-4A21-8990-433157629AE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA22A68E-3CD7-4E56-99F4-73402E14E14A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BDEEDB85-E3A7-48CB-9AF3-FCD1D470ADE6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BE23D5DB-7287-490B-A4C0-1EE2C199FF50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{C0881983-0F59-49BB-B38F-61BE2EEC30CE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C11CAC0D-61F9-4328-AF29-B74CD7DA67D3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\anno4web.exe | "{C1FC0E08-2E2E-4756-8B22-77B7542AC9C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe | "{C26B89BE-0F44-4EA0-AFB8-B2EBCF0A4972}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{C2CB5679-EDB7-4D83-B1C5-11386CB4CD3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nosgoth\binaries\win32\nosgoth.exe | "{C4268674-A303-4590-8BE8-E2B0E48205F1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C4C61ED1-6A6F-44B6-B463-D4C98DD4BB87}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C52FA5AE-C8DE-4223-9E35-1B15909D84BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\tools\benchmark.exe | "{C6086EF1-73A8-40AB-93B3-FC3232EA2761}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C74F0EEE-AE30-4461-8CF3-D97073702181}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nosgoth\binaries\win32\nosgoth.exe | "{C78BCC00-BEA1-48A7-B713-697391170A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe | "{CCB5C0E4-AA8C-42D5-B601-967E760BFFAE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D123B3C7-9045-4AD9-B99E-967F7DCF2781}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | "{D1DC4E3F-D672-43A2-A546-AE84D3EE2D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{D3216A55-8B25-435D-B509-6C389C3F2D80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "{D92C4889-5ADB-420F-A9E2-64ED6C8ACA11}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - gold edition\addon.exe | "{DA2D8F2B-C669-4227-9A78-6C08FA675AFB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DBE23B4C-0351-4FCB-BCBD-31A4136243D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex the fall\deusex_steam.exe | "{DE17007E-E0D1-4C8D-B826-5045603E1FD3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E0DA17B3-E6A4-4FF3-B9AE-ED2C92FD3E17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{E1DC5A59-DFD6-4ABE-9B86-E62FEA4135F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex the fall\deusex_steam.exe | "{E20E6A86-B45E-4957-8107-79CB02CD6758}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nosgoth\binaries\win32\nosgoth.exe | "{E2AEF152-F9BA-4971-B1DF-AF09A2CC44B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{E4E68F10-9F46-456A-A759-5FA5C1399A37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anachronox\anox.exe | "{E7F0E9B3-1172-45E1-A3DC-42823BC52388}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | "{EB8407A3-28EC-4B36-BA7E-B3E70FD81523}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{EBF262AB-A618-43E9-84E0-1E304A255583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | "{F26C07D0-792F-4259-81E1-E6B9589A5CDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F2B8B528-DB60-4314-A1FF-A54FE63F9FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{F403BD6C-1EA3-4DCC-B544-34B283D56F07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | "{F4A0FBF0-79E7-48D8-A1F7-870467BB2207}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe | "{F5AB2E37-E07B-4DFC-9812-8F6E0E7159E4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F6544EC0-D4B5-41C6-B945-C492FBC313C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F89B8EB8-A62A-46A0-920D-0133B0655F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{FB6F590C-7DB1-470B-A991-62A6C19D9BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{FD4468E8-5381-4AE1-B520-C2CFBBF655DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "TCP Query User{CFB18946-B56C-4786-9997-5194D5F78619}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{F37DAF23-6CAC-4490-9C44-7C3A0B1CFF3C}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1FC18AC7-3F98-45A4-8DB5-69518CE5BBD1}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 344.75 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 344.75 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 344.75 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.4.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 344.75 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.69 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.32.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.69 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.26 "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{C6400179-A2BD-4491-AD13-CEC9DD066246}" = Oracle VM VirtualBox 4.1.14 "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F509C1F4-0029-49F9-B145-A4C4E8DF481A}" = paint.net "{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "CCleaner" = CCleaner [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Gold Edition "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1" = Torchlight II "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.13) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{C960FF38-431D-429D-AD1F-FBD12A45B7C5}" = PDF Architect 2 View Module "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EE56B531-B655-4afa-9664-0C0970E5798B}_is1" = Blu-ray Copy 1.0.36 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F487FEEC-AE9F-4E68-82F2-300F49A8C435}" = Garmin BaseCamp "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "16233-DMP" = Devices and Printers icon for Trust 16233 "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "AnyDVD" = AnyDVD "AviSynth" = AviSynth 2.5 "AVMWLANCLI" = AVM FRITZ!WLAN "Cheat Engine 6.4_is1" = Cheat Engine 6.4 "Combat Wings/DE-German_is1" = Combat Wings "Company of Heroes" = Company of Heroes "DAEMON Tools Lite" = DAEMON Tools Lite "EAX Unified" = EAX Unified "Freizeitkarte_DEU" = Freizeitkarte_DEU (Ausgabe 13.07) "Gaming Mouse" = Gaming Mouse "Grand Theft Auto" = Grand Theft Auto "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 34.0.5 (x86 de)" = Mozilla Firefox 34.0.5 (x86 de) "Mozilla Thunderbird 31.3.0 (x86 de)" = Mozilla Thunderbird 31.3.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PDF Architect 2" = PDF Architect 2 "PrecisionX" = EVGA Precision X 3.0.3 "PunkBusterSvc" = PunkBuster Services "QWdlIG9mIEVtcGlyZSAyIEhE_is1" = Age of Empire 2 HD (c) Ensemble Studios version 1 "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 200110" = Nosgoth "Steam App 203140" = Hitman: Absolution "Steam App 218620" = PAYDAY 2 "Steam App 220240" = Far Cry® 3 "Steam App 238010" = Deus Ex: Human Revolution - Director's Cut "Steam App 24240" = PAYDAY: The Heist "Steam App 242940" = Anachronox "Steam App 258180" = Deus Ex: The Fall "Steam App 259080" = Just Cause 2: Multiplayer Mod "Steam App 32800" = The Lord of the Rings: War in the North "Steam App 340" = Half-Life 2: Lost Coast "Steam App 4000" = Garry's Mod "Steam App 43110" = Metro 2033 "Steam App 43160" = Metro: Last Light "Steam App 440" = Team Fortress 2 "Steam App 49520" = Borderlands 2 "Steam App 550" = Left 4 Dead 2 "Steam App 564" = Left 4 Dead 2 Add-on Support "Steam App 63380" = Sniper Elite V2 "Steam App 8190" = Just Cause 2 "Steam App 8930" = Sid Meier's Civilization V "SystemRequirementsLab" = System Requirements Lab "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Amazon Music" = Amazon Music "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.01.2015 07:57:59 | Computer Name = Bjarne-PC | Source = SupraSavingsService64 | ID = 1 Description = Error - 11.01.2015 08:02:50 | Computer Name = Bjarne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.01.2015 08:02:50 | Computer Name = Bjarne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.01.2015 08:02:50 | Computer Name = Bjarne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 11.01.2015 14:28:27 | Computer Name = Bjarne-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SndVol.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7aced Name des fehlerhaften Moduls: SndVol.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7aced Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001d287 ID des fehlerhaften Prozesses: 0xaf8 Startzeit der fehlerhaften Anwendung: 0x01d02dbd7ab6e690 Pfad der fehlerhaften Anwendung: C:\Windows\system32\SndVol.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SndVol.exe Berichtskennung: a25b288a-99bf-11e4-b04a-c86000592361 Error - 12.01.2015 12:01:23 | Computer Name = Bjarne-PC | Source = WinMgmt | ID = 10 Description = Error - 12.01.2015 12:02:12 | Computer Name = Bjarne-PC | Source = SupraSavingsService64 | ID = 1 Description = Error - 12.01.2015 15:14:58 | Computer Name = Bjarne-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Ausnahmecode: 0x4000001f Fehleroffset: 0x0022ecf0 ID des fehlerhaften Prozesses: 0x1814 Startzeit der fehlerhaften Anwendung: 0x01d02e9a900ed8c3 Pfad der fehlerhaften Anwendung: C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe Pfad des fehlerhaften Moduls: C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe Berichtskennung: 4c0ae3b3-9a8f-11e4-aabf-c86000592361 Error - 14.01.2015 07:40:58 | Computer Name = Bjarne-PC | Source = WinMgmt | ID = 10 Description = Error - 14.01.2015 07:41:46 | Computer Name = Bjarne-PC | Source = SupraSavingsService64 | ID = 1 Description = [ Media Center Events ] Error - 14.02.2012 08:35:16 | Computer Name = Bjarne-PC | Source = MCUpdate | ID = 0 Description = 13:35:16 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet getrennt..) Error - 29.03.2012 18:28:38 | Computer Name = Bjarne-PC | Source = MCUpdate | ID = 0 Description = 00:28:38 - Fehler beim Herstellen der Internetverbindung. 00:28:38 - Serververbindung konnte nicht hergestellt werden.. Error - 29.03.2012 18:28:47 | Computer Name = Bjarne-PC | Source = MCUpdate | ID = 0 Description = 00:28:43 - Fehler beim Herstellen der Internetverbindung. 00:28:43 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 14.02.2012 10:10:10 | Computer Name = Bjarne-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3856 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 14.01.2015 07:42:46 | Computer Name = Bjarne-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.01.2015 07:42:46 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.01.2015 07:42:46 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.01.2015 07:42:56 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.01.2015 07:47:56 | Computer Name = Bjarne-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. < End of report > |
14.01.2015, 15:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne abLesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
14.01.2015, 15:48 | #5 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Oh entschuldigung, ich hatte gedacht es wäre sorum leichter. So hier noch einmal die Logs von Frst. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02 Ran by Bjarne (administrator) on BJARNE-PC on 14-01-2015 15:22:54 Running from C:\Users\Bjarne\Downloads Loaded Profile: Bjarne (Available profiles: Bjarne) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\003\xmkysecqun64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe () C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe (Dropbox, Inc.) C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-12-21] (Bitleader) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2013-12-17] (AVM Berlin) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-26] () HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [Amazon Music] => C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {1cc5856f-7a7e-11e1-af83-c86000592361} - G:\Bin\ASSETUP.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {a6fad6c1-20fe-11e1-9155-001e900652a7} - L:\pushinst.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {c5d34aed-7713-11e4-9471-c86000592361} - G:\pushinst.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {e1ad8f4a-20fd-11e1-8423-806e6f6e6963} - F:\install.EXE id= ver=1.0.0.0 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {e213bd02-a0be-11e1-bcee-001c4af5a483} - G:\0data\cbs.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {f651f7cf-4b80-11e2-a3e3-806e6f6e6963} - F:\autorun.exe Startup: C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3091055703-3976444142-289669604-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-3091055703-3976444142-289669604-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=060612_5_&babsrc=SP_ss&mntrId=dc210453000000000000c86000592361 SearchScopes: HKU\S-1-5-21-3091055703-3976444142-289669604-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=060612_5_&babsrc=SP_ss&mntrId=dc210453000000000000c86000592361 BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: No Name -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> No File BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: YrJie New Games -> {A86EFAD9-8377-476D-9192-CF440B6F88EC} -> C:\Program Files (x86)\IeAdsBlocker.dll (YrJie Games) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default FF Homepage: www.facebook.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3091055703-3976444142-289669604-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKU\S-1-5-21-3091055703-3976444142-289669604-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default\user.js FF Extension: Adblock Plus - C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-13] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10] FF Extension: YrJie New Games - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} [2014-12-10] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-12-12] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-08] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-26] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-23] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S2 SupraSavingsService64; C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed] R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] () [File not signed] R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-05-09] () [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-31] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-08] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-21] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-31] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] () R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-14] (Duplex Secure Ltd.) U3 ajo4xjuw; C:\Windows\System32\Drivers\ajo4xjuw.sys [0 ] (Advanced Micro Devices) S1 netfilter64; system32\drivers\netfilter64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 15:22 - 2015-01-14 15:26 - 00026766 _____ () C:\Users\Bjarne\Downloads\FRST.txt 2015-01-14 15:22 - 2015-01-14 15:23 - 00000000 ____D () C:\FRST 2015-01-14 14:55 - 2015-01-14 14:55 - 02124288 _____ (Farbar) C:\Users\Bjarne\Downloads\FRST64.exe 2015-01-14 14:55 - 2015-01-14 14:55 - 00380416 _____ () C:\Users\Bjarne\Downloads\Gmer-19357.exe 2015-01-14 14:55 - 2015-01-14 14:55 - 00050477 _____ () C:\Users\Bjarne\Downloads\Defogger.exe 2015-01-14 14:48 - 2015-01-14 14:48 - 00116608 _____ () C:\Users\Bjarne\Downloads\Extras.Txt 2015-01-14 14:46 - 2015-01-14 14:46 - 00121326 _____ () C:\Users\Bjarne\Downloads\OTL.Txt 2015-01-14 14:19 - 2015-01-14 15:26 - 01376256 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤 2015-01-14 14:16 - 2015-01-14 14:16 - 00602112 _____ (OldTimer Tools) C:\Users\Bjarne\Downloads\OTL.exe 2015-01-14 12:45 - 2015-01-14 14:50 - 00000112 _____ () C:\ProgramData\O7LGt3.dat 2015-01-11 15:57 - 2015-01-12 17:20 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Compatibility Verifier 2015-01-10 13:03 - 2015-01-10 13:04 - 292729242 _____ () C:\Users\Bjarne\Downloads\60642404sp3.zip 2015-01-10 13:01 - 2015-01-10 13:01 - 02470521 _____ () C:\Users\Bjarne\Downloads\28064107.ZIP 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-09 19:08 - 2015-01-09 19:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 18:47 - 2015-01-14 12:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-09 18:47 - 2015-01-14 12:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2014-12-28 20:54 - 2014-12-28 20:54 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\WB Games 2014-12-27 11:26 - 2014-12-27 11:27 - 204164680 _____ () C:\Users\Bjarne\Downloads\kis15.0.1.415de-de.exe 2014-12-26 15:45 - 2014-12-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-24 21:02 - 2014-12-24 21:02 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Runic Games 2014-12-24 20:59 - 2014-12-28 20:46 - 00052653 _____ () C:\Windows\DirectX.log 2014-12-24 20:58 - 2014-12-24 20:58 - 00002193 _____ () C:\Users\Public\Desktop\Torchlight II.lnk 2014-12-24 20:58 - 2014-12-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II 2014-12-24 20:54 - 2014-12-24 20:54 - 00000000 ____D () C:\Program Files (x86)\Runic Games 2014-12-24 16:58 - 2014-12-24 16:58 - 00001208 _____ () C:\Users\Bjarne\Desktop\Amazon Music.lnk 2014-12-24 16:57 - 2014-12-24 16:57 - 39565896 _____ (Amazon) C:\Users\Bjarne\Downloads\AmazonMusicInstaller.exe 2014-12-23 15:20 - 2014-12-23 15:20 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-12-21 16:39 - 2015-01-14 12:39 - 00004032 _____ () C:\Windows\setupact.log 2014-12-21 16:39 - 2014-12-21 16:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-20 18:55 - 2014-12-20 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS 2014-12-20 18:26 - 2014-12-20 18:26 - 00850109 _____ () C:\Users\Bjarne\Downloads\M5A78L-M-USB3-ASUS-2001.zip 2014-12-20 18:10 - 2014-12-20 18:10 - 00001364 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-12-20 18:07 - 2014-12-20 18:10 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\NVIDIA Corporation 2014-12-20 18:07 - 2014-12-20 18:10 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\NVIDIA 2014-12-20 18:07 - 2014-11-17 21:02 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-12-20 18:06 - 2014-12-20 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-12-20 18:06 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-12-20 18:03 - 2014-11-17 23:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-12-20 18:03 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-12-20 18:03 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-12-20 18:03 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-12-20 18:03 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-20 18:03 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-12-20 18:03 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-20 17:52 - 2014-12-20 17:53 - 308364224 _____ (NVIDIA Corporation) C:\Users\Bjarne\Downloads\344.75-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-12-19 16:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-19 16:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 18:26 - 2014-12-17 18:26 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-12-17 18:26 - 2014-12-17 18:26 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-17 18:24 - 2014-12-17 18:24 - 05162080 _____ (Piriform Ltd) C:\Users\Bjarne\Downloads\ccsetup500.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 15:26 - 2011-12-21 12:28 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\PMB Files 2015-01-14 15:16 - 2012-01-18 22:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-14 15:01 - 2013-12-08 15:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-14 14:43 - 2012-04-07 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-14 14:24 - 2011-12-07 19:09 - 01134010 _____ () C:\Windows\WindowsUpdate.log 2015-01-14 13:49 - 2014-12-10 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-14 13:43 - 2012-04-07 09:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 13:43 - 2012-04-07 09:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 13:43 - 2011-12-08 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 12:42 - 2012-12-21 16:38 - 00000353 _____ () C:\Windows\lgfwup.ini 2015-01-14 12:42 - 2012-12-21 16:38 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate 2015-01-14 12:40 - 2013-11-24 17:55 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Dropbox 2015-01-14 12:39 - 2012-01-18 22:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-14 12:39 - 2011-12-08 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-14 12:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-11 13:02 - 2011-04-12 08:43 - 08459434 _____ () C:\Windows\system32\perfh007.dat 2015-01-11 13:02 - 2011-04-12 08:43 - 02567938 _____ () C:\Windows\system32\perfc007.dat 2015-01-11 13:02 - 2009-07-14 06:13 - 00006268 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-10 12:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-07 21:27 - 2011-12-08 12:06 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Skype 2015-01-06 19:37 - 2011-12-15 13:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-01-05 20:00 - 2012-05-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-28 20:39 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-28 12:49 - 2012-05-06 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-27 18:37 - 2011-12-08 12:01 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Thunderbird 2014-12-27 11:24 - 2014-08-27 17:14 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Adobe 2014-12-24 21:04 - 2012-02-06 13:57 - 00000000 ____D () C:\Users\Bjarne\Documents\My Games 2014-12-24 21:04 - 2011-12-07 19:34 - 00000000 ____D () C:\Users\Bjarne 2014-12-21 11:40 - 2014-09-07 16:52 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-12-21 11:40 - 2012-02-15 15:27 - 00000000 ____D () C:\Users\Bjarne\Tracing 2014-12-21 11:40 - 2011-12-25 17:44 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\DAEMON Tools Lite 2014-12-21 11:40 - 2011-12-20 16:53 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\LogMeIn Hamachi 2014-12-21 11:40 - 2011-12-10 14:12 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\DAEMON Tools Pro 2014-12-21 11:39 - 2012-07-22 17:38 - 00000000 ____D () C:\Windows\Minidump 2014-12-21 11:39 - 2011-12-07 19:03 - 00000000 ____D () C:\Windows\Panther 2014-12-20 18:54 - 2012-12-29 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2014-12-20 18:54 - 2012-04-10 16:05 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-12-20 18:54 - 2011-12-07 20:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-20 18:53 - 2012-03-30 16:39 - 00033165 _____ () C:\Windows\Ascd_tmp.ini 2014-12-20 18:53 - 2012-03-30 16:39 - 00001769 _____ () C:\Windows\Language_trs.ini 2014-12-20 18:08 - 2011-12-08 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-12-20 18:07 - 2011-12-08 13:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-12-20 18:07 - 2011-12-08 13:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-20 18:06 - 2012-05-23 16:02 - 00000000 ____D () C:\TEMP 2014-12-17 17:48 - 2011-12-08 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-17 17:48 - 2011-12-08 12:06 - 00000000 ____D () C:\ProgramData\Skype 2014-12-17 17:21 - 2013-11-24 17:58 - 00001037 _____ () C:\Users\Bjarne\Desktop\Dropbox.lnk 2014-12-17 17:21 - 2013-11-24 17:56 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Files to move or delete: ==================== C:\ProgramData\O7LGt3.dat Some content of TEMP: ==================== C:\Users\Bjarne\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpncqvry.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 14:44 ==================== End Of Log ============================ und die Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02 Ran by Bjarne at 2015-01-14 15:26:54 Running from C:\Users\Bjarne\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Age of Empire 2 HD (c) Ensemble Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZSAyIEhE_is1) (Version: 1 - ) Amazon Music (HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Anachronox (HKLM-x32\...\Steam App 242940) (Version: - ) ANNO 1404 - Gold Edition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.8.0 - SlySoft) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.) ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden Blu-ray Copy 1.0.36 (HKLM-x32\...\{EE56B531-B655-4afa-9664-0C0970E5798B}_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Combat Wings (HKLM-x32\...\Combat Wings/DE-German_is1) (Version: - City Interactive) Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.) Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) Deus Ex: The Fall (HKLM-x32\...\Steam App 258180) (Version: - Square Enix) Devices and Printers icon for Trust 16233 (HKLM-x32\...\16233-DMP) (Version: 1.00 - Trust International B.V.) DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte) Dropbox (HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) EAX Unified (HKLM-x32\...\EAX Unified) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) Freizeitkarte_DEU (Ausgabe 13.07) (HKLM-x32\...\Freizeitkarte_DEU) (Version: - ) Gaming Mouse (HKLM-x32\...\Gaming Mouse) (Version: - ) Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - ) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar) Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{1FC18AC7-3F98-45A4-8DB5-69518CE5BBD1}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version: - Valve) LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.) LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.) LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.) LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.) LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.) LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.) LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.) LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.166 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.166 - LogMeIn, Inc.) Hidden LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - ) Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version: - ) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Nosgoth (HKLM-x32\...\Steam App 200110) (Version: - Psyonix) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - ) NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Oracle VM VirtualBox 4.1.14 (HKLM\...\{C6400179-A2BD-4491-AD13-CEC9DD066246}) (Version: 4.1.14 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios) Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios) Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft) Torchlight II (HKLM-x32\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version: - White Rabbit Interactive) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.3.5 - Shark007) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 28-12-2014 20:42:59 DirectX wurde installiert 05-01-2015 14:52:13 Geplanter Prüfpunkt 09-01-2015 19:08:24 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 16:39:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 20:03:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0946275B-86FC-45D7-B999-3C0A75FFB30A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated) Task: {2F107C44-CC2F-41A0-9773-EE5D0414FE29} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Ui.exe <==== ATTENTION Task: {2FAD2A2D-BC15-4276-8125-5579FC643078} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {32DF9366-5573-4695-A9B5-3A32295A4F27} - System32\Tasks\{D5F62727-50AA-4758-91D9-63697F40EDA1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {5576E834-5246-4D5E-B887-AB4B312CF907} - System32\Tasks\{7D2A612D-98FC-494B-9DDC-D23DB36D930B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {6B6F1DA1-446E-4379-8757-4385D153E1C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8A9637AE-109F-4392-8850-EB5BAAF813A7} - System32\Tasks\{88823C95-9ED7-4185-BEFF-08279AA74BB5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe" Task: {C4D313BA-E130-4FEA-A5C2-95021C314996} - System32\Tasks\Software Updater => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Bootstrapper.exe <==== ATTENTION Task: {DEA04618-71A0-4172-8B7E-F9C1D52A5EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {E977A05C-8D5E-431E-8CB8-3C8EDBAE5EB7} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: {FA15E359-E347-481A-9D31-A73E674A5516} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-08 13:46 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-04-18 20:39 - 2014-06-23 17:50 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-12-21 16:27 - 2009-07-02 15:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2015-01-09 18:47 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2014-05-09 20:23 - 2014-05-09 20:23 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe 2011-12-21 12:27 - 2013-04-26 16:15 - 04284976 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 2014-12-24 16:57 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-01-09 18:47 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-14 12:39 - 2015-01-14 12:39 - 00043008 _____ () c:\users\bjarne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpncqvry.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-12-10 18:04 - 2014-12-10 18:04 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-12-27 11:24 - 2014-12-27 11:24 - 16843952 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\All Users:gs5sys AlternateDataStreams: C:\Users\Bjarne:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Application Data:gs5sys AlternateDataStreams: C:\Users\Bjarne\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Bjarne\Cookies:gs5sys AlternateDataStreams: C:\Users\Bjarne\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\Bjarne\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Bjarne\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\Bjarne\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-3091055703-3976444142-289669604-500 - Administrator - Disabled) Bjarne (S-1-5-21-3091055703-3976444142-289669604-1000 - Administrator - Enabled) => C:\Users\Bjarne Gast (S-1-5-21-3091055703-3976444142-289669604-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3091055703-3976444142-289669604-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/14/2015 00:41:46 PM) (Source: SupraSavingsService64) (EventID: 1) (User: ) Description: SupraSavingsService64SvcInit, failed to connect to driver, status: -1 failed with 2 Error: (01/14/2015 00:40:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2015 08:14:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Ausnahmecode: 0x4000001f Fehleroffset: 0x0022ecf0 ID des fehlerhaften Prozesses: 0x1814 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/12/2015 05:02:12 PM) (Source: SupraSavingsService64) (EventID: 1) (User: ) Description: SupraSavingsService64SvcInit, failed to connect to driver, status: -1 failed with 2 Error: (01/12/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 07:28:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SndVol.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7aced Name des fehlerhaften Moduls: SndVol.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7aced Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001d287 ID des fehlerhaften Prozesses: 0xaf8 Startzeit der fehlerhaften Anwendung: 0xSndVol.exe0 Pfad der fehlerhaften Anwendung: SndVol.exe1 Pfad des fehlerhaften Moduls: SndVol.exe2 Berichtskennung: SndVol.exe3 Error: (01/11/2015 01:02:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (01/11/2015 01:02:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/11/2015 01:02:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/11/2015 00:57:59 PM) (Source: SupraSavingsService64) (EventID: 1) (User: ) Description: SupraSavingsService64SvcInit, failed to connect to driver, status: -1 failed with 2 System errors: ============= Error: (01/14/2015 00:47:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (01/14/2015 00:42:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/14/2015 00:42:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/14/2015 00:42:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/14/2015 00:42:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/14/2015 00:42:56 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (01/14/2015 00:42:56 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (01/14/2015 00:42:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/14/2015 00:42:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/14/2015 00:42:46 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Microsoft Office Sessions: ========================= Error: (02/14/2012 03:10:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3856 seconds with 120 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.266 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 65% Total physical RAM: 8174.12 MB Available physical RAM: 2817.17 MB Total Pagefile: 16346.41 MB Available Pagefile: 11062.63 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System-reserviert) (Fixed) (Total:443.23 GB) (Free:73.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Dokumente) (Fixed) (Total:219.73 GB) (Free:45.16 GB) NTFS Drive e: (Multimedia) (Fixed) (Total:268.55 GB) (Free:49.03 GB) NTFS Drive f: (TL2) (CDROM) (Total:1.67 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D0CF60D6) Partition 1: (Not Active) - (Size=219.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=268.6 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=443.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
14.01.2015, 15:53 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Zukünftig bitte beachten: Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. Außerdem fragte ich noch nach bisherigen Funden. Wenn es bisher welche gab Logs dazu posten.
__________________ --> Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab |
14.01.2015, 16:03 | #7 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Ich habe leider keine vorherigen Logs, bzw ich weiß nicht wie ich die Logs von Kaspersky auslesen kann. Oh das mit dem Desktop habe ich übersehen Soll ich das Programm noch mal über den Desktop laufen lassen und die Logs noch einmal schicken? Danke schon mal |
14.01.2015, 16:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Adware/Junkware/Toolbars entfernen (alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
14.01.2015, 17:21 | #9 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Hi danke für die schnellen Antworten hier das adwCleaner Log Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 16:58:58 # Aktualisiert 07/01/2015 von Xplode # Database : 2015-01-13.2 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Bjarne - BJARNE-PC # Gestartet von : C:\Users\Bjarne\Desktop\AdwCleaner_4.107.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : netfilter64 [#] Dienst Gelöscht : SupraSavingsService64 Dienst Gelöscht : xmkysecqun64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Program Files\SupraSavings Ordner Gelöscht : C:\Users\Bjarne\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Bjarne\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Bjarne\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Bjarne\AppData\Roaming\Compatibility Verifier Ordner Gelöscht : C:\Users\Bjarne\Documents\drivergenius Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Software Updater Ui Task Gelöscht : Software Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A86EFAD9-8377-476D-9192-CF440B6F88EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A86EFAD9-8377-476D-9192-CF440B6F88EC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86EFAD9-8377-476D-9192-CF440B6F88EC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A86EFAD9-8377-476D-9192-CF440B6F88EC} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\UpToDown Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\suprasavings Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\coupon downloader Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Supra Savings Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.babylon.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0 (x86 de) [asd29d3u.default\prefs.js] - Zeile gelöscht : user_pref("extensions.dealply.channel", "vitaeazel"); ************************* AdwCleaner[R0].txt - [4915 octets] - [14/01/2015 16:54:30] AdwCleaner[S0].txt - [4223 octets] - [14/01/2015 16:58:58] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4283 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Bjarne on 14.01.2015 at 17:05:27,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\ieadsblocker.dll" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Bjarne\AppData\Roaming\getrighttogo" Successfully deleted: [Empty Folder] C:\Users\Bjarne\appdata\local\{11A78A0D-71DD-43C3-9438-C694B68856EB} Successfully deleted: [Empty Folder] C:\Users\Bjarne\appdata\local\{22D372EA-2597-445C-959D-B0DFA461A6D5} Successfully deleted: [Empty Folder] C:\Users\Bjarne\appdata\local\{32EC2E53-E175-4DCB-87B9-AB504F741589} Successfully deleted: [Empty Folder] C:\Users\Bjarne\appdata\local\{39408D07-052F-44FB-A304-AB1219AEDB0C} Successfully deleted: [Empty Folder] C:\Users\Bjarne\appdata\local\{F4A06C37-3780-4DE8-AE76-6EAC7CE9732B} ~~~ FireFox Emptied folder: C:\Users\Bjarne\AppData\Roaming\mozilla\firefox\profiles\asd29d3u.default\minidumps [530 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.01.2015 at 17:09:07,94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02 Ran by Bjarne (administrator) on BJARNE-PC on 14-01-2015 17:14:47 Running from C:\Users\Bjarne\Desktop Loaded Profile: Bjarne (Available profiles: Bjarne) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe () C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe (Dropbox, Inc.) C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-12-21] (Bitleader) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2013-12-17] (AVM Berlin) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-26] () HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Run: [Amazon Music] => C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {1cc5856f-7a7e-11e1-af83-c86000592361} - G:\Bin\ASSETUP.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {a6fad6c1-20fe-11e1-9155-001e900652a7} - L:\pushinst.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {c5d34aed-7713-11e4-9471-c86000592361} - G:\pushinst.exe HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {e1ad8f4a-20fd-11e1-8423-806e6f6e6963} - F:\install.EXE id= ver=1.0.0.0 HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\MountPoints2: {e213bd02-a0be-11e1-bcee-001c4af5a483} - G:\0data\cbs.exe Startup: C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3091055703-3976444142-289669604-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3091055703-3976444142-289669604-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default FF Homepage: www.facebook.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3091055703-3976444142-289669604-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKU\S-1-5-21-3091055703-3976444142-289669604-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Adblock Plus - C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\asd29d3u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-13] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-14] FF Extension: YrJie New Games - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-12-12] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-08] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-26] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-23] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] () [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-31] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-08] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-21] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-31] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] () R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-14] (Duplex Secure Ltd.) U3 a8explwq; C:\Windows\System32\Drivers\a8explwq.sys [0 ] (Advanced Micro Devices) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 17:14 - 2015-01-14 17:16 - 00024538 _____ () C:\Users\Bjarne\Desktop\FRST.txt 2015-01-14 17:09 - 2015-01-14 17:09 - 00002042 _____ () C:\Users\Bjarne\Desktop\JRT.txt 2015-01-14 17:05 - 2015-01-14 17:05 - 00000000 ____D () C:\Windows\ERUNT 2015-01-14 17:03 - 2015-01-14 17:03 - 01707939 _____ (Thisisu) C:\Users\Bjarne\Desktop\JRT.exe 2015-01-14 17:01 - 2015-01-14 17:01 - 00004383 _____ () C:\Users\Bjarne\Desktop\AdwCleaner[S0].txt 2015-01-14 17:00 - 2015-01-14 17:00 - 00000310 _____ () C:\Windows\PFRO.log 2015-01-14 16:54 - 2015-01-14 16:59 - 00000000 ____D () C:\AdwCleaner 2015-01-14 16:53 - 2015-01-14 16:53 - 02191360 _____ () C:\Users\Bjarne\Desktop\AdwCleaner_4.107.exe 2015-01-14 15:26 - 2015-01-14 15:28 - 00042740 _____ () C:\Users\Bjarne\Downloads\Addition.txt 2015-01-14 15:22 - 2015-01-14 17:14 - 00000000 ____D () C:\FRST 2015-01-14 15:22 - 2015-01-14 15:28 - 00042175 _____ () C:\Users\Bjarne\Downloads\FRST.txt 2015-01-14 14:55 - 2015-01-14 14:55 - 02124288 _____ (Farbar) C:\Users\Bjarne\Desktop\FRST64.exe 2015-01-14 14:55 - 2015-01-14 14:55 - 00380416 _____ () C:\Users\Bjarne\Downloads\Gmer-19357.exe 2015-01-14 14:55 - 2015-01-14 14:55 - 00050477 _____ () C:\Users\Bjarne\Downloads\Defogger.exe 2015-01-14 14:48 - 2015-01-14 14:48 - 00116608 _____ () C:\Users\Bjarne\Downloads\Extras.Txt 2015-01-14 14:46 - 2015-01-14 14:46 - 00121326 _____ () C:\Users\Bjarne\Downloads\OTL.Txt 2015-01-14 14:19 - 2015-01-14 16:58 - 03768320 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤 2015-01-14 14:16 - 2015-01-14 14:16 - 00602112 _____ (OldTimer Tools) C:\Users\Bjarne\Downloads\OTL.exe 2015-01-14 13:49 - 2015-01-14 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-14 12:45 - 2015-01-14 16:59 - 00000112 _____ () C:\ProgramData\O7LGt3.dat 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-09 19:08 - 2015-01-09 19:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 18:47 - 2015-01-14 17:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-09 18:47 - 2015-01-14 17:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2014-12-28 20:54 - 2014-12-28 20:54 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\WB Games 2014-12-26 15:45 - 2014-12-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-24 21:02 - 2014-12-24 21:02 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Runic Games 2014-12-24 20:59 - 2014-12-28 20:46 - 00052653 _____ () C:\Windows\DirectX.log 2014-12-24 20:58 - 2014-12-24 20:58 - 00002193 _____ () C:\Users\Public\Desktop\Torchlight II.lnk 2014-12-24 20:58 - 2014-12-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II 2014-12-24 20:54 - 2014-12-24 20:54 - 00000000 ____D () C:\Program Files (x86)\Runic Games 2014-12-24 16:58 - 2014-12-24 16:58 - 00001208 _____ () C:\Users\Bjarne\Desktop\Amazon Music.lnk 2014-12-23 15:20 - 2014-12-23 15:20 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-12-21 16:39 - 2015-01-14 17:01 - 00004200 _____ () C:\Windows\setupact.log 2014-12-21 16:39 - 2014-12-21 16:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-20 18:55 - 2014-12-20 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS 2014-12-20 18:26 - 2014-12-20 18:26 - 00850109 _____ () C:\Users\Bjarne\Downloads\M5A78L-M-USB3-ASUS-2001.zip 2014-12-20 18:10 - 2014-12-20 18:10 - 00001364 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-12-20 18:07 - 2014-12-20 18:10 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\NVIDIA Corporation 2014-12-20 18:07 - 2014-12-20 18:10 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\NVIDIA 2014-12-20 18:07 - 2014-11-17 21:02 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-12-20 18:07 - 2014-11-17 21:02 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-12-20 18:06 - 2014-12-20 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-12-20 18:06 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-12-20 18:03 - 2014-11-17 23:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-12-20 18:03 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-12-20 18:03 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-12-20 18:03 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-12-20 18:03 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-12-20 18:03 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-20 18:03 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-12-20 18:03 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-20 17:52 - 2014-12-20 17:53 - 308364224 _____ (NVIDIA Corporation) C:\Users\Bjarne\Downloads\344.75-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-12-19 16:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-19 16:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 18:26 - 2014-12-17 18:26 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-12-17 18:26 - 2014-12-17 18:26 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-17 18:24 - 2014-12-17 18:24 - 05162080 _____ (Piriform Ltd) C:\Users\Bjarne\Downloads\ccsetup500.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 17:16 - 2012-01-18 22:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-14 17:16 - 2011-12-21 12:28 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\PMB Files 2015-01-14 17:14 - 2011-12-07 19:09 - 01150550 _____ () C:\Windows\WindowsUpdate.log 2015-01-14 17:13 - 2013-12-08 15:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-14 17:09 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 17:09 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 17:02 - 2013-11-24 17:55 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Dropbox 2015-01-14 17:01 - 2012-12-21 16:38 - 00000353 _____ () C:\Windows\lgfwup.ini 2015-01-14 17:01 - 2012-12-21 16:38 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate 2015-01-14 17:01 - 2012-01-18 22:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-14 17:00 - 2012-05-06 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 17:00 - 2011-12-08 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-14 17:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 16:43 - 2012-04-07 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-14 13:43 - 2012-04-07 09:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 13:43 - 2012-04-07 09:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 13:43 - 2011-12-08 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-11 13:02 - 2011-04-12 08:43 - 08459434 _____ () C:\Windows\system32\perfh007.dat 2015-01-11 13:02 - 2011-04-12 08:43 - 02567938 _____ () C:\Windows\system32\perfc007.dat 2015-01-11 13:02 - 2009-07-14 06:13 - 00006268 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-10 12:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-07 21:27 - 2011-12-08 12:06 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Skype 2015-01-06 19:37 - 2011-12-15 13:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-01-05 20:00 - 2012-05-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-28 20:39 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-27 18:37 - 2011-12-08 12:01 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Thunderbird 2014-12-27 11:24 - 2014-08-27 17:14 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\Adobe 2014-12-24 21:04 - 2012-02-06 13:57 - 00000000 ____D () C:\Users\Bjarne\Documents\My Games 2014-12-24 21:04 - 2011-12-07 19:34 - 00000000 ____D () C:\Users\Bjarne 2014-12-21 11:40 - 2014-09-07 16:52 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-12-21 11:40 - 2012-02-15 15:27 - 00000000 ____D () C:\Users\Bjarne\Tracing 2014-12-21 11:40 - 2011-12-25 17:44 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\DAEMON Tools Lite 2014-12-21 11:40 - 2011-12-20 16:53 - 00000000 ____D () C:\Users\Bjarne\AppData\Local\LogMeIn Hamachi 2014-12-21 11:40 - 2011-12-10 14:12 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\DAEMON Tools Pro 2014-12-21 11:39 - 2012-07-22 17:38 - 00000000 ____D () C:\Windows\Minidump 2014-12-21 11:39 - 2011-12-07 19:03 - 00000000 ____D () C:\Windows\Panther 2014-12-20 18:54 - 2012-12-29 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2014-12-20 18:54 - 2012-04-10 16:05 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-12-20 18:54 - 2011-12-07 20:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-20 18:53 - 2012-03-30 16:39 - 00033165 _____ () C:\Windows\Ascd_tmp.ini 2014-12-20 18:53 - 2012-03-30 16:39 - 00001769 _____ () C:\Windows\Language_trs.ini 2014-12-20 18:08 - 2011-12-08 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-12-20 18:07 - 2011-12-08 13:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-12-20 18:07 - 2011-12-08 13:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-20 18:06 - 2012-05-23 16:02 - 00000000 ____D () C:\TEMP 2014-12-17 17:48 - 2011-12-08 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-17 17:48 - 2011-12-08 12:06 - 00000000 ____D () C:\ProgramData\Skype 2014-12-17 17:21 - 2013-11-24 17:58 - 00001037 _____ () C:\Users\Bjarne\Desktop\Dropbox.lnk 2014-12-17 17:21 - 2013-11-24 17:56 - 00000000 ____D () C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Files to move or delete: ==================== C:\ProgramData\O7LGt3.dat Some content of TEMP: ==================== C:\Users\Bjarne\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppf7ruj.dll C:\Users\Bjarne\AppData\Local\Temp\Quarantine.exe C:\Users\Bjarne\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 14:44 ==================== End Of Log ============================ --- --- --- Ich weiß nicht ob du sie noch brauchst da dies ja der 2 scan ist aber hier ist auch noch einmal die addition. Kann ja nicht schaden^^ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02 Ran by Bjarne at 2015-01-14 17:16:42 Running from C:\Users\Bjarne\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Age of Empire 2 HD (c) Ensemble Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZSAyIEhE_is1) (Version: 1 - ) Amazon Music (HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Anachronox (HKLM-x32\...\Steam App 242940) (Version: - ) ANNO 1404 - Gold Edition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.8.0 - SlySoft) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.) ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden Blu-ray Copy 1.0.36 (HKLM-x32\...\{EE56B531-B655-4afa-9664-0C0970E5798B}_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Combat Wings (HKLM-x32\...\Combat Wings/DE-German_is1) (Version: - City Interactive) Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.) Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) Deus Ex: The Fall (HKLM-x32\...\Steam App 258180) (Version: - Square Enix) Devices and Printers icon for Trust 16233 (HKLM-x32\...\16233-DMP) (Version: 1.00 - Trust International B.V.) DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte) Dropbox (HKU\S-1-5-21-3091055703-3976444142-289669604-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) EAX Unified (HKLM-x32\...\EAX Unified) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) Freizeitkarte_DEU (Ausgabe 13.07) (HKLM-x32\...\Freizeitkarte_DEU) (Version: - ) Gaming Mouse (HKLM-x32\...\Gaming Mouse) (Version: - ) Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - ) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar) Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{1FC18AC7-3F98-45A4-8DB5-69518CE5BBD1}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version: - Valve) LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.) LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.) LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.) LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.) LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.) LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.) LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.) LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.166 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.166 - LogMeIn, Inc.) Hidden LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - ) Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version: - ) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Nosgoth (HKLM-x32\...\Steam App 200110) (Version: - Psyonix) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - ) NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Oracle VM VirtualBox 4.1.14 (HKLM\...\{C6400179-A2BD-4491-AD13-CEC9DD066246}) (Version: 4.1.14 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios) Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios) Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft) Torchlight II (HKLM-x32\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version: - White Rabbit Interactive) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.3.5 - Shark007) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3091055703-3976444142-289669604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 28-12-2014 20:42:59 DirectX wurde installiert 05-01-2015 14:52:13 Geplanter Prüfpunkt 09-01-2015 19:08:24 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 16:39:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 20:03:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0946275B-86FC-45D7-B999-3C0A75FFB30A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated) Task: {2FAD2A2D-BC15-4276-8125-5579FC643078} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {32DF9366-5573-4695-A9B5-3A32295A4F27} - System32\Tasks\{D5F62727-50AA-4758-91D9-63697F40EDA1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {5576E834-5246-4D5E-B887-AB4B312CF907} - System32\Tasks\{7D2A612D-98FC-494B-9DDC-D23DB36D930B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {6B6F1DA1-446E-4379-8757-4385D153E1C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8A9637AE-109F-4392-8850-EB5BAAF813A7} - System32\Tasks\{88823C95-9ED7-4185-BEFF-08279AA74BB5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe" Task: {DEA04618-71A0-4172-8B7E-F9C1D52A5EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {E977A05C-8D5E-431E-8CB8-3C8EDBAE5EB7} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: {FA15E359-E347-481A-9D31-A73E674A5516} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-08 13:46 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-04-18 20:39 - 2014-06-23 17:50 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-12-21 16:27 - 2009-07-02 15:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2015-01-09 18:47 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2011-12-21 12:27 - 2013-04-26 16:15 - 04284976 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 2014-12-24 16:57 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Bjarne\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-14 17:02 - 2015-01-14 17:02 - 00043008 _____ () c:\users\bjarne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppf7ruj.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Bjarne\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2015-01-14 13:49 - 2015-01-14 13:49 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-09 18:47 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-09 18:47 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-09 18:47 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\All Users:gs5sys AlternateDataStreams: C:\Users\Bjarne:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Application Data:gs5sys AlternateDataStreams: C:\Users\Bjarne\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Bjarne\Cookies:gs5sys AlternateDataStreams: C:\Users\Bjarne\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\Bjarne\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Bjarne\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Bjarne\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\Bjarne\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-3091055703-3976444142-289669604-500 - Administrator - Disabled) Bjarne (S-1-5-21-3091055703-3976444142-289669604-1000 - Administrator - Enabled) => C:\Users\Bjarne Gast (S-1-5-21-3091055703-3976444142-289669604-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3091055703-3976444142-289669604-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (01/14/2015 05:13:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/14/2015 05:13:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/14/2015 05:13:29 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (01/14/2015 05:13:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/14/2015 05:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/14/2015 05:13:25 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Microsoft Office Sessions: ========================= Error: (02/14/2012 03:10:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3856 seconds with 120 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.806 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:59:04.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-09 19:40:11.266 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 35% Total physical RAM: 8174.12 MB Available physical RAM: 5282.15 MB Total Pagefile: 16346.41 MB Available Pagefile: 13047.42 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (System-reserviert) (Fixed) (Total:443.23 GB) (Free:74.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Dokumente) (Fixed) (Total:219.73 GB) (Free:45.16 GB) NTFS Drive e: (Multimedia) (Fixed) (Total:268.55 GB) (Free:49.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D0CF60D6) Partition 1: (Not Active) - (Size=219.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=268.6 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=443.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
14.01.2015, 21:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\O7LGt3.dat C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} EmptyTemp: Hosts: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
16.01.2015, 15:25 | #11 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Hallo, Entschuldigung das ich mich jetzt erst melde ich hatte gestern leider keine Zeit um mich um meinen PC zu "kümmern". Ich habe eben wie beschrieben Frst gestartet dies ist jedoch nach kurzer Zeit abgestürzt habe hier das Log. (Ist aber glaube ich unvolständig) Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01 Ran by Bjarne at 2015-01-16 15:06:03 Run:1 Running from C:\Users\Bjarne\Desktop Loaded Profiles: Bjarne (Available profiles: Bjarne) Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\O7LGt3.dat C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} EmptyTemp: Hosts: ***************** "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. C:\ProgramData\O7LGt3.dat => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} => Moved successfully. "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not reset Hosts. |
17.01.2015, 16:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Kein Problem! Virenscanner bitte deaktivieren, Fix wiederholen
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2015, 20:28 | #13 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Abend, So ich habe jetzt frst einfach noch einmal mit deaktiviertem Virensystem gestartet hat super geklappt. hier ist das log, Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01 Ran by Bjarne at 2015-01-17 20:20:16 Run:2 Running from C:\Users\Bjarne\Desktop Loaded Profiles: Bjarne (Available profiles: Bjarne) Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\O7LGt3.dat C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE} EmptyTemp: Hosts: ***************** HKLM\SOFTWARE\Policies\Google => Key not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. C:\ProgramData\O7LGt3.dat => Moved successfully. "C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71942AE4-AB48-4928-898B-6206899456EE}" => File/Directory not found. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 1016.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:21:38 ==== |
17.01.2015, 20:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab top Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
18.01.2015, 13:59 | #15 |
| Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab Moin, hier ist das MBAM Log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.01.2015 Suchlauf-Zeit: 20:47:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.17.04 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Bjarne Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 383442 Verstrichene Zeit: 12 Min, 45 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 11 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6908, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5628, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6524, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6508, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1532, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4960, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6804, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3584, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6912, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 7952, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 2556, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72] Module: 10 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], Registrierungsschlüssel: 3 PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, In Quarantäne, [bcbcef095c2d72c44f19dbc5ba49cc34], PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [fc7c9b5ded9c95a12b743b6c976c7789], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [225657a16b1e8da9a0c81b56d0338e72], Dateien: 13 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [225657a16b1e8da9a0c81b56d0338e72], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [225657a16b1e8da9a0c81b56d0338e72], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=2b29e14c1f765a41b8011cf214ec7766 # engine=22016 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-17 11:10:39 # local_time=2015-01-18 12:10:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777213 100 100 14884 53010661 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 47730318 173166089 0 0 # scanned=453067 # found=14 # cleaned=0 # scan_time=10702 sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir" sh=556095C3C04108657513E0DB73F9659259FE752E ft=1 fh=2b61ea0a79f227a9 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir" sh=7FD34F048378000A2153730C4036AD5DF37A6341 ft=1 fh=f0c6bce383296b05 vn="Variante von Win32/AdSuproot.A Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir" sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir" sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir" sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir" sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir" sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir" sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bjarne\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=0FD7F3F732BFBD0956BB319E25F361E2AE6D8F12 ft=1 fh=a33b31cb5f52c3c7 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=268979BC94F89E29C10C925824C49D5C9B5B1C09 ft=1 fh=029569cfdc034e29 vn="Variante von Win64/Adware.Adpeak.F Anwendung" ac=I fn="C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\hmhfslexky64.exe" sh=ED3AE0C892B53C95BD9BDE74AEE8396D41B3AF87 ft=1 fh=be30934dd2f4fafd vn="Variante von Win64/Adware.Adpeak.F Anwendung" ac=I fn="C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe" sh=0DCCB385149D5A17C7F59DD289DA7E82305D474E ft=1 fh=412d1e41a2d4e851 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Program Files (x86)\Age of Empire 2 HD\steam_api.dll" sh=815CE918A2CF57F5E0A3A9346FD9A6F6B3D03D30 ft=1 fh=028c167410bf2336 vn="Win32/InstallCore.GI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bjarne\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe" |
Themen zu Win 7 64bit compatibilitycheck.exe ist laut Taskmanager 10mal geöffnet/ PC spielt einfach Töne ab |
64bit, compatibilitycheck.exe, einfach, gestartet, gestern, hoffe, html, i-net, kaspersky, langsamer, laufen, manager, plötzlich, problem, programme, prozesse, quelle, richtig, scan, security, spiel, system, task manager, taskmanager, unbekannte, win |