| |  find.exe, bump.exe, cmd.exe starten immer wieder und kann nichts auf eine SD Karte schreiben
 Hallo,
und zwar brauche ich hilfe da ich nicht genau weiß ob das jetzt ein Virus ist oder nicht.
OLT Scan: Zitat:
OTL logfile created on: 16.07.2012 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Macbook\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,67 Gb Available Physical Memory | 84,29% Memory free
15,82 Gb Paging File | 14,48 Gb Available in Paging File | 91,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187,47 Gb Total Space | 59,20 Gb Free Space | 31,58% Space Free | Partition Type: NTFS
Drive D: | 83,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 510,36 Gb Total Space | 166,36 Gb Free Space | 32,60% Space Free | Partition Type: HFS
Computer Name: MACBOOK-PC | User Name: Macbook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012.07.16 17:10:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Macbook\Desktop\OTL.exe
PRC - [2012.06.20 16:03:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.20 16:03:28 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.06.29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011.06.29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011.06.13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.12 19:01:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.09.13 17:47:12 | 000,033,544 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Disabled | Stopped] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe -- (Parallels Coherence Service)
SRV - [2011.09.13 17:44:20 | 000,260,360 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Disabled | Stopped] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe -- (Parallels Tools Service)
SRV - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 10:58:20 | 000,118,536 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)
DRV:64bit: - [2011.11.12 18:03:56 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.13 17:44:18 | 000,017,160 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\prl_time.sys -- (prl_time)
DRV:64bit: - [2011.09.13 17:44:16 | 000,037,640 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_strg.sys -- (prl_strg)
DRV:64bit: - [2011.09.13 17:44:16 | 000,026,248 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_tg.sys -- (prl_tg)
DRV:64bit: - [2011.09.13 17:44:14 | 000,040,200 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_sound.sys -- (prl_sound)
DRV:64bit: - [2011.09.13 17:44:06 | 000,019,720 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_mouf.sys -- (prl_mouf)
DRV:64bit: - [2011.09.13 17:44:04 | 000,019,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_memdev.sys -- (prl_memdev)
DRV:64bit: - [2011.09.13 17:44:02 | 000,156,424 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_kmdd.sys -- (prl_dd) Parallels Display Adapter (WDDM)
DRV:64bit: - [2011.09.13 17:44:00 | 000,196,360 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\prl_fs.sys -- (prl_fs)
DRV:64bit: - [2011.09.13 17:43:56 | 000,045,832 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\prl_boot.sys -- (prl_boot)
DRV:64bit: - [2011.08.25 06:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.07.06 19:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.06.29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011.06.29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011.06.29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011.06.29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011.06.13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.06.13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011.06.13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.06.13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011.06.13 18:37:06 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.06.13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011.03.25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011.03.25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011.03.25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011.03.25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22a:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 35 EC 6B A7 E6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = tschisna.com:8080
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 16:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.10.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macbook\AppData\Roaming\mozilla\Extensions
[2012.07.13 12:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macbook\AppData\Roaming\mozilla\Firefox\Profiles\c648imhs.default\extensions
[2011.12.26 18:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.13 12:21:49 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\MACBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C648IMHS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.20 16:04:14 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MACBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C648IMHS.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.02.09 00:24:24 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MACBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C648IMHS.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.20 16:03:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 16:03:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 16:03:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 16:03:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 16:03:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 16:03:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 16:03:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.04.15 17:45:27 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 .psf
O1 - Hosts: 0.0.0.0 psf
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Chew7Hale] C:\Windows\SysNative\hale.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Driver Genius] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: .psf ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: .psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: psf ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21989A0F-8E5E-46C6-A150-E7978415C707}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30C05BBF-3AD8-4F1B-9D88-5C3EEEFA20D5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B777DC6-1F0D-4896-8989-C3EDD08A7281}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4144AAA-1266-4AE2-9779-D4C12B701A39}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E229DC48-0300-486A-8AEE-CC938A490FA3}: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E789DB91-D845-43C4-8FB0-C41DD9A72F38}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2cd57b37-0d48-11e1-96c8-e4ce8f4ad9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{2cd57b37-0d48-11e1-96c8-e4ce8f4ad9b1}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{2cd57b37-0d48-11e1-96c8-e4ce8f4ad9b1}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{8550b715-0616-11e1-88a9-e4ce8f4ad9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{8550b715-0616-11e1-88a9-e4ce8f4ad9b1}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.16 17:09:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Macbook\Desktop\OTL.exe
[2012.07.16 16:54:24 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.07.16 14:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.16 12:52:24 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Local\Google
[2012.07.16 12:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.15 01:08:56 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.14 23:35:07 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.07.14 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Roaming\Malwarebytes
[2012.07.14 22:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 22:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 22:53:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 22:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.13 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Macbook\Desktop\flashnul-1rc1
[2012.07.12 21:27:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 21:27:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 21:27:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 21:27:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 21:27:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 21:27:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 21:27:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 21:27:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 21:27:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 21:27:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 21:27:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 21:27:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 21:27:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 21:12:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 19:45:16 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Local\Macromedia
[2012.07.12 19:01:57 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.27 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Roaming\TeamViewer
[2012.06.27 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Macbook\Desktop\Archiv
[2012.06.27 18:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2012.06.27 17:55:24 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Roaming\Skype
[2012.06.27 17:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 17:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.27 17:55:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.06.27 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 17:48:30 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.27 17:48:30 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.27 17:48:30 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.27 15:45:47 | 000,000,000 | ---D | C] -- C:\Users\Macbook\AppData\Roaming\AMD
[2012.06.21 15:38:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 15:38:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 15:38:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 15:37:46 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 15:37:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.20 19:11:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2012.06.20 18:18:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.20 18:18:31 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.20 18:18:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.20 18:18:27 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.20 18:18:27 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.20 18:18:26 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.20 18:18:14 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.20 18:18:02 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.20 18:18:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.20 17:30:26 | 000,000,000 | ---D | C] -- C:\Users\Macbook\Desktop\debian6-19-04-2012
[2012.06.20 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Macbook\Desktop\in32diskimager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.16 17:30:08 | 001,648,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 17:30:08 | 000,709,678 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 17:30:08 | 000,663,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 17:30:08 | 000,154,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 17:30:08 | 000,126,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 17:24:53 | 000,698,568 | ---- | M] () -- C:\Windows\SysNative\cwlog.dtl
[2012.07.16 17:23:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 17:22:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 17:22:18 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 17:21:17 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 17:21:17 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 17:21:08 | 000,000,020 | ---- | M] () -- C:\Users\Macbook\defogger_reenable
[2012.07.16 17:15:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.16 17:10:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Macbook\Desktop\OTL.exe
[2012.07.16 17:02:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 14:53:53 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.16 14:53:47 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.15 00:51:48 | 000,007,040 | ---- | M] () -- C:\bootsqm.dat
[2012.07.14 22:53:48 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 16:12:30 | 000,000,456 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.12 19:39:56 | 000,276,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 19:01:57 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 19:01:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.08 16:10:10 | 000,021,508 | -H-- | M] () -- C:\Users\Macbook\.DS_Store
[2012.07.08 16:10:05 | 000,015,364 | -H-- | M] () -- C:\Users\Macbook\Desktop\.DS_Store
[2012.07.07 15:02:42 | 000,021,508 | -H-- | M] () -- C:\.DS_Store
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 13:25:41 | 000,006,148 | -H-- | M] () -- C:\Users\Macbook\Documents\.DS_Store
[2012.06.28 00:12:45 | 000,004,096 | -H-- | M] () -- C:\Users\Macbook\Documents\._.DS_Store
[2012.06.27 20:19:38 | 000,018,807 | ---- | M] () -- C:\Users\Macbook\Desktop\test-hwid.zip
[2012.06.27 19:12:06 | 000,029,100 | ---- | M] () -- C:\Users\Macbook\Desktop\test.cs
[2012.06.27 17:55:13 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.20 18:12:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.20 18:12:23 | 001,671,318 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.20 17:33:31 | 1767,899,136 | ---- | M] () -- C:\Users\Macbook\Desktop\raspberrypi-fedora-remix-14-r1.img
[2012.06.20 16:04:23 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppcommdlg.dll
[2012.06.20 16:02:04 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
[2012.06.19 22:23:40 | 000,033,139 | ---- | M] () -- C:\Users\Macbook\Desktop\hwid.vb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.16 17:21:08 | 000,000,020 | ---- | C] () -- C:\Users\Macbook\defogger_reenable
[2012.07.16 14:53:47 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.16 12:52:35 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 12:52:33 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 00:51:48 | 000,007,040 | ---- | C] () -- C:\bootsqm.dat
[2012.07.14 22:53:48 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 19:02:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.28 00:12:45 | 000,006,148 | -H-- | C] () -- C:\Users\Macbook\Documents\.DS_Store
[2012.06.28 00:12:45 | 000,004,096 | -H-- | C] () -- C:\Users\Macbook\Documents\._.DS_Store
[2012.06.27 20:19:38 | 000,018,807 | ---- | C] () -- C:\Users\Macbook\Desktop\test-hwid.zip
[2012.06.27 19:12:06 | 000,029,100 | ---- | C] () -- C:\Users\Macbook\Desktop\test.cs
[2012.06.27 18:46:14 | 000,033,139 | ---- | C] () -- C:\Users\Macbook\Desktop\hwid.vb
[2012.06.27 17:55:13 | 000,002,547 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.20 16:05:35 | 1767,899,136 | ---- | C] () -- C:\Users\Macbook\Desktop\raspberrypi-fedora-remix-14-r1.img
[2012.04.15 17:45:10 | 000,000,456 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.14 12:38:06 | 000,000,095 | ---- | C] () -- C:\Users\Macbook\AppData\Local\fusioncache.dat
[2012.01.09 17:07:38 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE32.EXE
[2011.11.12 19:49:33 | 000,000,600 | ---- | C] () -- C:\Users\Macbook\AppData\Local\PUTTY.RND
[2011.11.12 18:09:04 | 000,000,910 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.11.03 15:27:32 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.03 15:13:50 | 000,021,508 | -H-- | C] () -- C:\Users\Macbook\.DS_Store
[2011.11.03 15:13:50 | 000,004,096 | -H-- | C] () -- C:\Users\Macbook\._.DS_Store
[2011.10.29 12:19:22 | 001,671,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.29 12:03:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.29 12:01:55 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.10.29 11:59:06 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.12 17:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== LOP Check ==========
[2012.01.22 19:43:01 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\.minecraft
[2012.06.27 15:45:47 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\AMD
[2012.01.13 13:36:10 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\Artisteer
[2012.05.29 06:07:47 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\CadSoft
[2011.11.24 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\FL_SIM_P4_D
[2011.12.01 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\FL_SIM_P4_DEMO_D
[2012.01.20 18:23:53 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\MonoDevelop-2.8
[2011.12.26 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\Notepad++
[2012.04.15 17:45:28 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\Parallels
[2012.04.05 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\PE Explorer
[2012.06.09 18:18:17 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\Pelles C
[2011.10.31 14:59:54 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\Samsung
[2012.01.20 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\stetic
[2012.06.27 18:51:42 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\TeamViewer
[2012.04.05 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\Macbook\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,031,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Macbook\Desktop\wolfengw:AFP_AfpInfo
@Alternate Data Stream - 20 bytes -> C:\Users\Macbook\Desktop\whitepixel-2:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Macbook\Desktop\24oktbafithreerld:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\TheVolumeSettingsFolder:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata
< End of report >
| Zitat:
OTL Extras logfile created on: 16.07.2012 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Macbook\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,67 Gb Available Physical Memory | 84,29% Memory free
15,82 Gb Paging File | 14,48 Gb Available in Paging File | 91,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187,47 Gb Total Space | 59,20 Gb Free Space | 31,58% Space Free | Partition Type: NTFS
Drive D: | 83,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 510,36 Gb Total Space | 166,36 Gb Free Space | 32,60% Space Free | Partition Type: HFS
Computer Name: MACBOOK-PC | User Name: Macbook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A2E219-1A44-4A9B-AABD-97074B08596F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{084C29B0-18E1-496B-B6EC-147DBBF770E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D57B784-EDAA-452C-B220-5361259DC511}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{21E0F61C-8B1B-4F25-A4DE-85BDC3B0EC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{21F58549-2C00-4435-8F24-4581F039375B}" = rport=445 | protocol=6 | dir=out | app=system |
"{26824558-13C1-464F-BCFB-D1A530E9958A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{274DF083-A298-4E46-9702-D19ADDB320B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{285F5B2C-6199-455F-932E-334A8FF8B495}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295B7A46-EFA7-4E5D-A6B3-1ACBC0682F50}" = lport=57084 | protocol=17 | dir=in | name=pando media booster |
"{464ADBE5-FA5C-480A-A9B1-814FE207B47B}" = rport=138 | protocol=17 | dir=out | app=system |
"{619DFF33-9641-458E-AFFA-F6DD59D72444}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7BB708F3-D4B8-49E5-B517-84EEEB46DA7E}" = lport=57084 | protocol=6 | dir=in | name=pando media booster |
"{7F6A993D-46F1-4D4E-8C80-E4F90BD2D486}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84EBB8CB-EAA1-4A77-8987-6C984D37AE16}" = lport=57084 | protocol=17 | dir=in | name=pando media booster |
"{8AC63433-E6CA-48E9-85B5-FA5CB83AC2A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{958B4F80-A7C4-4987-B526-DA1FFE2166A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9FB5410A-952D-4591-8171-01318B1E7564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A51A5C9B-61B2-4032-A4D1-847D956A655B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A83634F9-AA2E-48CD-AD56-B1BD27182B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABC635D1-BE60-406C-83E4-954CB12AEDEF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6B3CAB0-CECC-454B-8F1F-793911491CCC}" = rport=5355 | proatocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B90E09CC-FEA1-4D37-AEEE-BF853E4C2871}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0CA916B-7AB9-46EF-8BBB-83C8FE5D2D1D}" = lport=137 | protocol=17 | dir=in | app=system |
"{CE61412C-771F-4FDE-8D7E-C600A3613698}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D760B878-99FC-4C40-BDAC-3418CA4B454A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0A03F63-E072-49F4-B7CD-206CE1ECB3BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC7830DB-8E91-432F-B304-24E1543522C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECC1BFBC-36C8-4074-B795-8E06A331273A}" = lport=57084 | protocol=6 | dir=in | name=pando media booster |
"{F189B061-6979-481C-954B-8BD7D6FC934C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F848D784-34B8-47C0-B0F5-2BF11625BE8E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A44714-809D-4325-9386-BAB96E59402D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{057A803A-A0DB-4E7B-AAFB-42DC3E117BAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09E3D129-CCA8-4430-B802-A823587AA0A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D1FED00-604F-4B79-BA83-5A3C6423B5A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{11E1E232-5DE5-4FF8-B938-0D3F36807DDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{162868D8-41EF-41CC-BA74-3718E8D5280A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{1947F1E8-B23B-467E-A2E0-952364E7285E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F11FA7A-8602-4FAC-93D5-CFB4AE52738E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A642FDD-8DD8-4983-BA5F-8E5F27DFC97F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2BBAACD3-A43F-4ECE-BA68-9A943DC326B8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30B0164D-FDD0-43C8-931A-E3CB084C7786}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3AA57854-AE3E-4369-9E10-03EEFC83E6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3B6B3802-A91C-4412-92B3-155346D8083C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C954ECC-6158-4BCF-9DAE-943818617645}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3EB06F06-23BE-4C5C-9635-85216948CEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{42B46378-4923-4DB0-993F-61F134E9A79E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{4AB4D1D7-8986-47EA-BDA0-806D41D41F90}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F3C5261-639C-4935-BCB4-3A4E6B40A10E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FB4748B-94DB-42B9-AADF-B9FD686E09D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{51401DFF-2CFF-4C93-B7D0-617622C9AB27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54686863-8A06-4AD5-B4FA-8ABFDC74329A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{556E60E8-35B6-409A-8EF6-642E5F10D0A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{592079F9-7C4B-4980-94FB-D01D8BD6374F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5BBF57A8-4790-4611-8C21-AC033039510D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65694153-3B42-4C03-9171-B12A8D2C4C7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66E4756E-C116-443E-8141-302CC9C8D6C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6E382AC5-CDA8-4ED9-90C3-633167656D05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75E7D6EF-7872-48DD-86DB-2F04C4AE09CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{76C58892-3442-4583-BD3B-517C8F473587}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78DA0654-CF24-4D80-9B30-3D30198041F0}" = protocol=6 | dir=out | app=system |
"{7E242C9A-4642-429C-8AFA-6A5C023138DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{81ADF763-C108-4F56-BA48-AECB0BD697DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DB041A2-8698-43C8-950C-265F00358BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{B2BF9B61-11E4-4720-83B0-4C24D4A586DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{BB5B079C-D9BF-4A2F-BB9D-E1F50C1D3B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BC5F5AD4-49D8-456E-8F23-9E2077139D12}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE3BA9E0-AE80-4E5F-911B-35FF5F11B60E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{C40C3541-008A-4F51-9C0A-22A8C6296717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{C6D2F85E-B5BB-4D0C-95F1-4B9FE20709C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{D3E4738D-44E8-4BC1-A0D9-4E9C374BE355}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4A69858-5F0A-4E2A-AF2D-39AF3252C625}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E00DD832-CBC9-4228-9196-B3401FFC8B84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3DE8608-ED28-4F30-A4DA-3D6EBC32FBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{E6DE3D54-225E-42ED-B6C6-9468A9665170}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{E992837E-E7A2-44E3-B05E-5F6A83F6CDD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBA0FAEC-A462-443A-A0B0-7EFBE5AF63D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FFB7138E-988F-4A25-B53F-2CADBCB58B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{4C0D82C5-6552-4271-9784-4C33E1DA59F6}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{562ABD36-6350-446C-8FEB-467046037693}C:\users\macbook\desktop\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\macbook\desktop\xampp\apache\bin\httpd.exe |
"TCP Query User{7AE37635-315F-4722-80FC-E959959B8C90}C:\users\macbook\desktop\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\macbook\desktop\xampp\mysql\bin\mysqld.exe |
"TCP Query User{98A0E80F-4728-45FB-AD2F-4AEE74BED4FE}C:\program files (x86)\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{9F8DF61A-437A-4D5A-9FB8-2A5C1E761EB1}C:\program files (x86)\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{27369301-0261-40BC-B5B4-9384D42F0C54}C:\users\macbook\desktop\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\macbook\desktop\xampp\mysql\bin\mysqld.exe |
"UDP Query User{37D95418-301A-4B76-95BF-67FD47929484}C:\program files (x86)\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{4384182F-B00D-4D69-A828-125283FCD5E2}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{7BFD1D0F-B6FA-4A20-9FEE-E29EF9C01655}C:\users\macbook\desktop\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\macbook\desktop\xampp\apache\bin\httpd.exe |
"UDP Query User{90F98FFE-0301-4777-8B56-9ED5588705FE}C:\program files (x86)\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\return to castle wolfenstein\wolfmp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94CBEA74-DE51-FE55-8A0E-CFB5FC970517}" = AMD Catalyst Install Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}" = Boot Camp-Dienste
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D5DBA621-6DFA-4773-9798-28AF8F7C1FE7}" = Parallels Tools
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"0B6B49213CF56838AFC233905FA14AC47EAA9B28" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)
"110E24F054DE5F4F72985BC1F3A53F61985BD4CC" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22)
"159439476E3A00F9FAE49DD6C1A78F2F6288A5B9" = Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0)
"26D089A9557429904D9851293EA25C911B64CCF8" = Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30)
"455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"57AFA39B22ADEC4E383572E9331167546EB3C9C7" = Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
"5BEF08C10896D86DC13394FFA75874564B700368" = Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
"703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7C9678A21221D0575C74AF7CE68E28C2771F9E41" = Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"C7DD621795A42EAE550280D4D7601459F35C4EC2" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
"CB599752301BCA080D135697FDD05900F5A5CF4C" = Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
"CCleaner" = CCleaner
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
"D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"D76172B51B1ECB34E38F97F42F51B7A46FA15F52" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0)
"EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
"F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
"F71DB41300D30088C8D3716343D1429488E605C1" = Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java(TM) SE Development Kit 6 Update 27
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9F3ECA39-8EF2-4104-BD70-B39C71A18F99}" = MonoDevelop 2.8.5.1
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D865910F-C442-4EAD-91B0-5D259249404A}" = Mono for Android 4.0.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F2E74DFF-729F-915A-560D-1545183D64CF}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8055
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"Artisteer 3" = Artisteer 3
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.80
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"HTPE3" = HyperTerminal Private Edition v6.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Notepad++" = Notepad++
"PE Explorer_is1" = PE Explorer 1.99 R6
"PellesC" = Pelles C for Windows
"PowerISO" = PowerISO
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"SpeedFan" = SpeedFan (remove only)
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 55100" = Homefront
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"efcde0ccb1039156" = Xamarin Installer Mono for Android
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.06.2012 10:55:32 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.06.2012 10:55:33 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.06.2012 10:55:50 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.06.2012 10:57:49 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.06.2012 11:41:06 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.06.2012 12:45:15 | Computer Name = Macbook-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.07.2012 13:02:11 | Computer Name = Macbook-PC | Source = Application Hang | ID = 1002
Description = Programm InstallFlashPlayer.exe, Version 11.3.300.265 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a48 Startzeit: 01cd604ff501e18a Endzeit: 0 Anwendungspfad: C:\Users\Macbook\AppData\Local\Temp\66FD.dir\InstallFlashPlayer.exe
Berichts-ID:
3fd33238-cc43-11e1-876a-e4ce8f4ad9b1
Error - 13.07.2012 06:24:20 | Computer Name = Macbook-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d08 Startzeit:
01cd60e14a26215c Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
e1818e42-ccd4-11e1-86d2-e4ce8f4ad9b1
Error - 14.07.2012 16:49:11 | Computer Name = Macbook-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Macbook\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 14.07.2012 16:59:40 | Computer Name = Macbook-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.87 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c78 Startzeit:
01cd6203390d044d Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID:
d140a620-cdf6-11e1-872e-e4ce8f4ad9b1
[ System Events ]
Error - 13.07.2012 09:58:57 | Computer Name = Macbook-PC | Source = VDS Basic Provider | ID = 33554437
Description =
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:03:34 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR6 gefunden.
Error - 13.07.2012 10:06:04 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR7 gefunden.
Error - 13.07.2012 10:06:04 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR7 gefunden.
Error - 13.07.2012 10:06:04 | Computer Name = Macbook-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR7 gefunden.
< End of report >
| Malwarebytes Anti-Malware : Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.14.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Macbook :: MACBOOK-PC [Administrator]
16.07.2012 15:00:02
mbam-log-2012-07-16 (15-00-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417868
Laufzeit: 1 Stunde(n), 39 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
| Proxy ist bewust so eingestellt.
Zudem kann ich nicht mehr auf eine SD Karte schreiben, da ich immer einen Fehler bekomme wegen eines E/A-Fehlers, keine Ahnung ob das mit den Prozessen zu tun hat oder nicht.
Danke schon mal
|
16.07.2012, 16:50
Linear-Darstellung
