Klopapier | 25.10.2012 11:40 | 4 unclear files found by Avira
Hello :C
I got Avira Antivirus Premium a few days ago,
but only the trial version, and then I scanned my computer.
And it found this:
EXP/2012-1723.EU found in C:\Users\***\AppData\Locallow\Sun\Java\Deployment\cache\6.0\8\5adcfd88-346667ac
ADWARE/Yontoo.E.1 found in C:\Users\***\AppData\Local\Temp\YontooSetup-S.exe
TR/Dropper.MSIL.Gen2 found in C:\Users\**\AppData\Roaming\file3.exe
TR/Crypt.XPACK.Gen found in C:\Users\**\Desktop\Games\Desty\HD v19\Client\Hook.dll
*** stands for my brother
** stands for me
We have 2 users
Well, I then moved that into quarantine :S
I don't know now whether it's something bad or not :C
Please help me :/
I only have Avira, no other antivirus program.
Oh, and I have a 32-bit system
If you have questions or need more info, let me know :S
Thanks for your help
Regards
Klopapier
Here is the OTL/Extras
OTL Logfile: Code:
OTL logfile created on: 24.10.2012 16:14:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,47 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 76,50% Memory free
4,93 Gb Paging File | 3,91 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,69 Gb Total Space | 153,39 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 86,24 Mb Free Space | 86,25% Space Free | Partition Type: NTFS
Drive F: | 452,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: **-PC | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.24 16:11:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
PRC - [2012.09.25 11:00:47 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:54:07 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.25 10:53:11 | 000,369,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.09.25 10:52:58 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:50 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:42 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.04 10:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.04 10:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.17 17:43:44 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
MOD - [2012.08.15 08:56:11 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012.08.15 08:55:30 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012.08.15 08:53:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.08.15 08:52:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.08.15 08:52:33 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.08.15 08:52:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.08.14 16:29:11 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012.08.14 09:40:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012.08.14 09:37:20 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
MOD - [2012.08.14 09:36:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.08.14 09:36:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.08.14 09:36:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.08.14 09:36:14 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.08.14 09:35:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.07.04 01:34:48 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012.07.04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2012.10.09 09:16:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.25 11:00:47 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:54:07 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.25 10:53:11 | 000,369,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.09.25 10:52:58 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.04 10:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - [2012.10.14 13:41:18 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.07.04 10:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.07.04 10:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.04 09:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BC1A4C27-056E-11E2-8E80-00238B42F16F}
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={BC1A4C27-056E-11E2-8E80-00238B42F16F}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 42 5B 6D C2 70 CD 01 [binary data]
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\SearchScopes\{7B9EBDB9-0764-4AED-BA67-B67044BCFC4C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={934D4909-FD7F-469E-B5C2-0F8C174A81C3}&mid=dc6bb9cdd2c747d0bcead16acda6189c-aeccbde492a6ec43962dc9eec9e4d7b92d135428&lang=de&ds=is015&pr=sa&d=2012-08-02 18:11:00&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\**\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\**\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 08:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.10.14 12:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\extensions
[2012.10.14 12:26:30 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.09.13 08:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\**\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\**\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\**\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\**\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\**\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: uTorrentBar_DE = C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000..\Run: [] C:\ [2012.10.24 16:12:59 | 000,000,000 | R--D | M]
O4 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240CDB68-ADC0-4880-BD57-ECED6FA0BB43}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.02 17:27:09 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007.10.02 17:27:08 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.10.02 15:43:59 | 000,659,456 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007.10.02 17:28:31 | 000,000,158 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a20a4ceb-15e2-11e2-a685-00238b42f16f}\Shell - "" = AutoRun
O33 - MountPoints2\{a20a4ceb-15e2-11e2-a685-00238b42f16f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.10.02 17:27:08 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.24 16:12:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
[2012.10.24 16:04:12 | 001,055,696 | ---- | C] (Yontoo LLC) -- C:\Users\**\Desktop\YontooSetup-S.exe
[2012.10.23 20:06:14 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Avira
[2012.10.23 20:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.23 19:59:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.23 19:59:29 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.23 19:59:29 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.23 19:59:29 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.23 19:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.23 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.23 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Microsoft Games
[2012.10.22 15:42:03 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\SFBot
[2012.10.19 19:53:48 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Trolol
[2012.10.18 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Alle Ordner
[2012.10.18 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Games
[2012.10.18 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Sims
[2012.10.14 14:00:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2012.10.14 13:54:00 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.10.14 13:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.14 13:41:18 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.10.14 13:41:12 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\DAEMON Tools Lite
[2012.10.14 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.10.14 13:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.10.14 13:25:23 | 000,000,000 | ---D | C] -- C:\Users\**\Documents\EA Games
[2012.10.14 13:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2012.10.14 12:57:45 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2012.10.14 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Neuer Ordner (2)
[2012.10.14 12:26:32 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\CRE
[2012.10.14 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Mozilla
[2012.10.14 12:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.10.14 12:26:22 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Conduit
[2012.10.14 12:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar_DE
[2012.10.14 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.10.14 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Sims 2
[2012.10.14 12:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.10.11 16:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.10.11 16:39:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012.10.11 15:56:05 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012.10.10 19:23:20 | 000,000,000 | ---D | C] -- C:\GAMIGO
[2012.10.10 19:23:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
========== Files - Modified Within 30 Days ==========
[2012.10.24 16:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.24 16:11:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
[2012.10.24 16:04:34 | 000,089,600 | ---- | M] () -- C:\Users\**\Desktop\Hook.dll
[2012.10.24 16:04:20 | 000,018,651 | ---- | M] () -- C:\Users\**\Desktop\5adcfd88-346667ac
[2012.10.24 16:04:12 | 001,055,696 | ---- | M] (Yontoo LLC) -- C:\Users\**\Desktop\YontooSetup-S.exe
[2012.10.24 15:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3411894796-3872912960-3391697476-1000UA.job
[2012.10.24 14:22:26 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 14:22:26 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 14:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 14:14:33 | 1986,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 20:00:13 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.23 19:22:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3411894796-3872912960-3391697476-1000Core.job
[2012.10.22 16:48:11 | 001,811,743 | ---- | M] () -- C:\Users\**\Desktop\omg.png
[2012.10.19 12:47:32 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk
[2012.10.19 12:45:06 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 H&M®-Fashion-Accessoires.lnk
[2012.10.19 09:47:20 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 IKEA® Home-Accessoires.lnk
[2012.10.19 09:45:01 | 000,002,490 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires.lnk
[2012.10.18 19:58:49 | 000,002,020 | ---- | M] () -- C:\Users\**\Desktop\Sims 2.lnk
[2012.10.18 17:48:46 | 000,002,400 | ---- | M] () -- C:\Users\**\Desktop\Die Sims™ 2 Villen- und Garten-Accessoires.lnk
[2012.10.14 19:02:33 | 000,098,304 | ---- | M] () -- C:\Users\**\AppData\Roaming\chrtmp
[2012.10.14 13:45:34 | 000,641,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.14 13:45:34 | 000,605,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.14 13:45:34 | 000,125,408 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.14 13:45:34 | 000,102,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.14 13:42:20 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.14 13:41:18 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.10.14 12:26:06 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.10.14 12:02:03 | 000,001,987 | ---- | M] () -- C:\Users\**\Desktop\JDownloader.lnk
[2012.10.14 11:44:48 | 000,002,444 | ---- | M] () -- C:\Users\**\Desktop\Google Chrome.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
========== Files Created - No Company Name ==========
[2012.10.24 16:04:34 | 000,089,600 | ---- | C] () -- C:\Users\**\Desktop\Hook.dll
[2012.10.24 16:04:20 | 000,018,651 | ---- | C] () -- C:\Users\**\Desktop\5adcfd88-346667ac
[2012.10.23 20:00:13 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.22 16:48:09 | 001,811,743 | ---- | C] () -- C:\Users\**\Desktop\omg.png
[2012.10.19 12:47:32 | 000,002,328 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk
[2012.10.19 12:45:06 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 H&M®-Fashion-Accessoires.lnk
[2012.10.19 09:47:20 | 000,002,328 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 IKEA® Home-Accessoires.lnk
[2012.10.19 09:45:01 | 000,002,490 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires.lnk
[2012.10.18 20:56:28 | 000,002,400 | ---- | C] () -- C:\Users\**\Desktop\Die Sims™ 2 Villen- und Garten-Accessoires.lnk
[2012.10.18 19:58:49 | 000,002,020 | ---- | C] () -- C:\Users\**\Desktop\Sims 2.lnk
[2012.10.14 13:42:20 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.14 12:26:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.10.14 12:02:03 | 000,001,987 | ---- | C] () -- C:\Users\**\Desktop\JDownloader.lnk
[2012.10.14 12:01:56 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.10.14 12:01:56 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.10.14 12:01:56 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.08.16 19:54:26 | 000,000,680 | RHS- | C] () -- C:\Users\**\ntuser.pol
[2012.08.16 17:31:26 | 000,004,620 | ---- | C] () -- C:\Users\**\AppData\Local\recently-used.xbel
[2012.08.15 18:53:15 | 000,098,304 | ---- | C] () -- C:\Users\**\AppData\Roaming\chrtmp
[2012.08.14 17:50:22 | 000,000,549 | ---- | C] () -- C:\Users\**\AppData\Roaming\server.properties
[2012.08.13 11:50:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.08.02 18:21:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.08.02 18:21:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.08.02 18:21:24 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.08.02 18:21:21 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.08.02 18:04:55 | 000,001,050 | ---- | C] () -- C:\Users\**\Dokumente - Verknüpfung.lnk
[2012.08.02 16:18:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.18 19:39:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.09.16 02:50:18 | 000,000,000 | R--D | M] -- C:\Users\**\AppData\Roaming\.minecraft
[2012.09.16 02:33:40 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\.Nitrous
[2012.10.14 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Easeware
[2012.09.16 02:40:20 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MTE
[2012.09.12 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org
[2012.10.22 15:42:03 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SFBot
[2012.10.24 14:19:21 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\uTorrent
[2012.08.21 18:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.10.11 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Aeria Games & Entertainment
[2012.09.23 11:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.09.08 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MTE
[2012.09.09 18:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2012.09.16 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.10.07 19:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.10.20 09:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.09.02 14:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
========== Purity Check ==========
< End of report > --- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 24.10.2012 16:14:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,47 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 76,50% Memory free
4,93 Gb Paging File | 3,91 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,69 Gb Total Space | 153,39 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 86,24 Mb Free Space | 86,25% Space Free | Partition Type: NTFS
Drive F: | 452,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: **-PC | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04522D14-CBC6-4671-AB8B-A9472ACADD7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1034CA2E-D2EF-4BFE-BF8D-9FFC90DC46D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10ACA161-834B-4537-9652-1988C476D22A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11D8375E-8F42-408F-A278-0D0B7678441C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19D110FA-7897-4B4D-8A57-6939B4B99543}" = lport=138 | protocol=17 | dir=in | app=system |
"{34B0B566-61B1-4B39-88BE-5FABB6A16AB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F4D3AF-AB76-47A9-A763-44F6321F528F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51A07BC6-D619-4081-AD92-EC9063D31FBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E13295F-F7EA-48BA-965A-0A169F77E86C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F093C37-58CC-4530-BAA1-4A6D47D2264C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69483BCB-4C26-4A76-B5ED-B8DADD7D99BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A34A494-FB25-4A2E-803D-E404D3BDB669}" = lport=445 | protocol=6 | dir=in | app=system |
"{A594073D-47C6-4F28-B6E0-61341A9D6994}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9343217-0DB7-45E8-BBF9-FAC51C95BEDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE6143C7-28D5-4422-8E40-4A9BE8AEFCC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{B53A1285-E4D0-490F-BBD1-93AF6B3F2CC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B69108B6-0F54-44B2-8E01-C5AA566595E2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{C6B3BEDB-71AD-45E1-812E-C314D6EDE1F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7F17672-AD2A-4DC4-9DD2-23CD5FADD282}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D31360ED-6647-431E-AC09-E8FD9CCAB139}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35253B5-59D8-4BE5-9B23-743200847D90}" = rport=138 | protocol=17 | dir=out | app=system |
"{F880B710-98B6-402C-B88C-6472162EE4EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0072E-E163-41A5-A04E-5A2EC28C02A4}" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"{09C6D6E5-97C5-4144-AE23-596E6F734D78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A81F70C-1E0F-4130-9150-508BEAF0BE85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0DD5759E-6E72-41C0-B3E1-C9E137F79FA8}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{19BE9B37-162B-4629-975E-B4BFCC8A744E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{24715EB5-A64A-43EF-A71C-3D9195EE4B87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{34740D5A-E65E-4400-B4EB-96E6EFD964F1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3601F678-E9BD-4CB1-A937-B5A243872919}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3FE25392-4565-4C12-B150-FD9E10ABE019}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D0C72C0-5812-4CA8-8365-CCED55A02699}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{525CDDE9-7819-4408-B72F-1105E2EF6E11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55176FE5-2704-4976-BD1C-39C7D3479743}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58F8FF1F-374B-4F69-BCA0-D7B608450DE0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6F8AF574-D4AE-42AD-9FEC-8814ADF82210}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{77FA36B3-C40A-4BD9-9675-56C33BDEA1BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{80D6871C-61AC-4129-9E40-884FB5FF981A}" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"{9990DB92-747F-4E50-BCF0-AD7FB1CC3317}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9D959052-99E6-4325-B2B4-27E0B28CC2F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3BE4B30-C116-4F18-93AF-6188CF9B81F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B059300D-A745-46FE-8DC9-D0E54458CFC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BAE96C86-2811-4BAA-820D-05C24F84917E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BF5A8F0A-B9E5-427E-B7E4-340F33D639CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4500212-DC46-4B7B-B62D-D144B49B6D54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C568A12F-D2B9-4E76-B0E8-9B8382A3E579}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE267667-0618-4F3A-A3E8-1D8C6B4D5022}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEA9F55B-C30C-4462-B09F-C80DB873F24D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2EB1B73-2054-402B-B4BC-8DDE725B16B7}" = protocol=6 | dir=out | app=system |
"{E5B20A40-170D-4AA3-83E1-480DF9EA46C4}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{EDE22B18-821A-4874-A822-CE9274E61C02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2F885D0-BFF2-4400-9EEB-B80A58F224DF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F4402DDE-8556-4427-A8FA-ABE63D10AC95}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{FC3D4B8B-5BE7-45FC-8076-05E298A4C433}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{0CC6C53A-09B1-4263-81A4-41B1C67981F3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{314172BE-4DCE-4DEC-B2CC-E8E23531BE6B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{55133E8E-75BE-476D-B55A-FCA851160174}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{689291B0-FB6E-41D9-B6EB-12EFB21092E6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{CB1551DE-954A-4D63-B4F0-436F2E3B57D1}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{2225E46B-0B6E-4951-970C-514CDBBD1A60}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{39F74F65-871B-4103-90B9-3F9ACE2A42A1}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{82872F6A-386B-4C15-840F-13628823F486}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{D5CE9F0C-859F-4182-BB72-50E313498FA8}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{D94F9343-1C93-4445-972E-9426BE37F9E9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish
"{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common
"{16FED766-CFB4-87B1-9591-4A394E4AE673}" = ccc-utility
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1D33871D-8470-7658-9AC6-27F8C77AA3AB}" = AMD Accelerated Video Transcoding
"{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2D7F5276-5B18-A31A-3C39-3F537C12D310}" = AMD Drag and Drop Transcoding
"{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = AMD VISION Engine Control Center
"{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai
"{3406AF2D-25A4-F348-76C1-F2164AF6131F}" = AMD Fuel
"{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish
"{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek
"{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch
"{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish
"{56E56B8C-6B2E-F4FD-2C82-BDC128BDC894}" = AMD Catalyst Install Manager
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B00CD97-EADD-3AFC-A844-89EB4DA73461}" = Catalyst Control Center InstallProxy
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech
"{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B57458E-1BB4-F08F-C534-8B3E3D541229}" = AMD Media Foundation Decoders
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French
"{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"DAEMON Tools Lite" = DAEMON Tools Lite
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"GIMP-2_is1" = GIMP 2.8.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrivitizeVPN" = PrivitizeVPN
"Shaiya-DE" = Shaiya-DE
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3411894796-3872912960-3391697476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.10.2012 12:16:34 | Computer Name = **-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ProgramData\Wizard101(DE)\PatchClient\BankB\SkinCrafterDll.dll".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.10.2012 13:22:57 | Computer Name = **-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1578 Startzeit: 01cda7031e553be9 Endzeit: 32 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 11.10.2012 03:10:37 | Computer Name = **-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ProgramData\Wizard101(DE)\PatchClient\BankB\SkinCrafterDll.dll".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.10.2012 05:02:45 | Computer Name = **-PC | Source = VSS | ID = 8194
Description =
Error - 13.10.2012 08:36:08 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00055401 ID des fehlerhaften
Prozesses: 0x928 Startzeit der fehlerhaften Anwendung: 0x01cda93ef400edd6 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8f761169-1532-11e2-b21b-00238b42f16f
Error - 14.10.2012 05:41:31 | Computer Name = **-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "AMD FUEL Service" konnte nicht neu
gestartet werden.
Error - 15.10.2012 09:10:08 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: YontooIEClient.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x50259122 Ausnahmecode: 0xc0000005 Fehleroffset:
0x6862e6f1 ID des fehlerhaften Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung:
0x01cdaad660dff77d Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: YontooIEClient.dll Berichtskennung: a4589128-16c9-11e2-b91b-00238b42f16f
Error - 15.10.2012 09:11:36 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00055401 ID des fehlerhaften
Prozesses: 0x950 Startzeit der fehlerhaften Anwendung: 0x01cdaad695651d94 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d884a447-16c9-11e2-b91b-00238b42f16f
Error - 18.10.2012 04:11:09 | Computer Name = **-PC | Source = Application Hang | ID = 1002
Description = Programm Sims2EP8.exe, Version 1.16.0.194 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f18 Startzeit:
01cdad059fde8618 Endzeit: 180 Anwendungspfad: C:\Program Files\EA GAMES\Die Sims 2
Apartment-Leben\TSBin\Sims2EP8.exe Berichts-ID:
Error - 19.10.2012 06:52:05 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PackageInstaller.exe, Version: 1.17.0.66,
Zeitstempel: 0x48f13483 Name des fehlerhaften Moduls: PackageInstaller.exe, Version:
1.17.0.66, Zeitstempel: 0x48f13483 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059516
ID
des fehlerhaften Prozesses: 0x9d4 Startzeit der fehlerhaften Anwendung: 0x01cdade77df23afc
Pfad
der fehlerhaften Anwendung: C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\CSBin\PackageInstaller.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\CSBin\PackageInstaller.exe
Berichtskennung:
04ab3d10-19db-11e2-a38c-00238b42f16f
Error - 19.10.2012 06:52:09 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PackageInstaller.exe, Version: 1.17.0.66,
Zeitstempel: 0x48f13483 Name des fehlerhaften Moduls: PackageInstaller.exe, Version:
1.17.0.66, Zeitstempel: 0x48f13483 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059516
ID
des fehlerhaften Prozesses: 0xc6c Startzeit der fehlerhaften Anwendung: 0x01cdade798bf1cf0
Pfad
der fehlerhaften Anwendung: C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\CSBin\PackageInstaller.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\CSBin\PackageInstaller.exe
Berichtskennung:
0766e4df-19db-11e2-a38c-00238b42f16f
[ System Events ]
Error - 23.10.2012 09:25:04 | Computer Name = **-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AMD FUEL Service erreicht.
Error - 23.10.2012 09:25:04 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 23.10.2012 09:26:37 | Computer Name = **-PC | Source = bowser | ID = 8003
Description =
Error - 23.10.2012 12:17:53 | Computer Name = **-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AMD FUEL Service erreicht.
Error - 23.10.2012 12:17:53 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 23.10.2012 12:30:01 | Computer Name = **-PC | Source = bowser | ID = 8003
Description =
Error - 23.10.2012 13:50:17 | Computer Name = **-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AMD FUEL Service erreicht.
Error - 23.10.2012 13:50:17 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 23.10.2012 13:53:53 | Computer Name = **-PC | Source = bowser | ID = 8003
Description =
Error - 23.10.2012 14:29:57 | Computer Name = **-PC | Source = bowser | ID = 8003
Description =
< End of report > --- --- ---
*** again stands for my brother
** stands for me
PS: I'm a real newbie, I don't know my way around at all :C