| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.12.2012, 20:25
| #1 |
 |  Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Hallo, ich habe beobachtet, dass bei meinem Laptop die CPU-Nutzung im Leerlauf manchmal für kurze Zeit von ungefähr 0-6% auf 10-17% anschwillt. Jedoch beträgt sie nach einem Neustart nie unter 5%. Auch die Strg-Taste hat sich heute schon eigenmächtig betätigt. Dadurch habe ich jetzt den Verdacht, Schadprogramme oben zu haben... Wie sieht das dann mit dadurch infizierten USB-Sticks aus? Würde es schon reichen, sie einfach nur neu zu formatieren, um diese virenfrei zu bekommen? Will natürlich auch noch die Festplatte und externe Festplatte frei bekommen  Danke schon mal im Vorraus! Geändert von temrix (08.12.2012 um 20:34 Uhr) |
|
11.12.2012, 17:02
| #2 |
| /// Helfer-Team  | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
12.12.2012, 17:19
| #3 |
| | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Ich bin gerade draufgekommen, dass ich noch eine TrueCrypt-Partition habe, soll ich diese auch scannen bzw. nur mit Malwarebytes oder auch mit OTL?
__________________Hier einmal die Logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.11.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: *****-HP [Administrator] Schutz: Deaktiviert 11.12.2012 19:37:39 mbam-log-2012-12-11 (19-37-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 737515 Laufzeit: 3 Stunde(n), 27 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 12.12.2012 00:11:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: ***** | Language: DE | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 3,56 Gb Available Physical Memory | 44,79% Memory free 15,90 Gb Paging File | 11,53 Gb Available in Paging File | 72,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 682,98 Gb Total Space | 384,42 Gb Free Space | 56,29% Space Free | Partition Type: NTFS Drive D: | 15,36 Gb Total Space | 1,62 Gb Free Space | 10,54% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 177,68 Gb Free Space | 38,15% Space Free | Partition Type: NTFS Computer Name: *****-HP | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin (The Document Foundation) PRC - C:\Program Files (x86)\LibreOffice 3.6\program\soffice.exe (The Document Foundation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm) PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Windows\vVX3000.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\LibreOffice 3.6\program\libxml2.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\URE\bin\msci_uno.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\pangolo.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\pangowin32lo.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\pangocairolo.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\libcroco-0.6-3.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\librsvg-2-2.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\intl.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\gsf-1.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\cairo.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\libxslt.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\pythonloader.uno.dll () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\python-core-2.6.1\lib\_socket.pyd () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\python-core-2.6.1\lib\_ssl.pyd () MOD - C:\Program Files (x86)\LibreOffice 3.6\program\pyuno.pyd () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\21303503faca86dc22acdb09dea9caa6\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\20e6ed751491ededa81930ae57e20a25\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll () MOD - C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.0.18\wincfi39.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll () MOD - C:\Program Files (x86)\Last.fm\ext_messengernotify.dll () MOD - C:\Program Files (x86)\Last.fm\ext_skypenotify.dll () MOD - C:\Program Files (x86)\Last.fm\srv_madtranscode.dll () MOD - C:\Program Files (x86)\Last.fm\srv_httpinput.dll () MOD - C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll () MOD - C:\Program Files (x86)\Last.fm\breakpad.dll () MOD - C:\Program Files (x86)\Last.fm\Moose1.dll () MOD - C:\Program Files (x86)\Last.fm\LastFmTools1.dll () MOD - C:\Program Files (x86)\Last.fm\libfftw3f-3.dll () MOD - C:\Program Files (x86)\Last.fm\zlibwapi.dll () MOD - C:\Program Files (x86)\Last.fm\QtNetwork4.dll () MOD - C:\Program Files (x86)\Last.fm\QtSql4.dll () MOD - C:\Program Files (x86)\Last.fm\QtGui4.dll () MOD - C:\Program Files (x86)\Last.fm\QtXml4.dll () MOD - C:\Program Files (x86)\Last.fm\QtCore4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation) SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symds64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NIWinCDEmu) -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys () DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ironx64.sys (Symantec Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys (Symantec Corporation) DRV:64bit: - (rspLLL) -- C:\Windows\SysNative\drivers\rspLLL64.sys (Resplendence Software Projects Sp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20121210.024\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20121210.024\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20121208.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 BB 98 56 8C CD CD 01 [binary data] IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://duckduckgo.com/" FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2012.10.18 18:36:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2012.12.09 12:01:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:09:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.29 11:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.12.08 11:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\4nrb117h.default\extensions [2012.09.26 06:54:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\4nrb117h.default\extensions\firefox@ghostery.com [2012.08.08 19:18:39 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4nrb117h.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012.12.06 17:16:38 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4nrb117h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.23 12:28:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4nrb117h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.20 16:28:45 | 000,010,316 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4nrb117h.default\searchplugins\duckduckgo.xml [2012.05.29 12:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.29 12:19:45 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com [2012.10.27 14:09:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 23:46:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&client=ubuntu&channel=cs&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Disabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Disabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Website Logon = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\ CHR - Extension: PanicButton = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\ CHR - Extension: AdBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.49_0\ CHR - Extension: YouTube Options for Google Chrome\u2122 (Full Version) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd\1.8.91_0\ CHR - Extension: YouTube Options for Google Chrome\u2122 (Full Version) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd\1.8.92_0\ CHR - Extension: YouTube Options for Google Chrome\u2122 (Full Version) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd\1.8.95_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3390718732-3328125451-2647672254-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12E22028-499A-4723-AACB-1FE4C18A9C75}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.11 11:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2 [2012.12.11 11:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoGebra 4.2 [2012.12.10 23:16:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2012.12.10 20:41:33 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6 [2012.12.10 20:41:25 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew [2012.12.08 18:30:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.12.08 18:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.08 18:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.08 18:30:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.08 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.28 18:18:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Fax [2012.11.25 20:34:08 | 000,000,000 | R--D | C] -- C:\Users\*****\Contacts [2012.11.24 18:54:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.11.24 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\MIDI [2012.11.17 23:51:04 | 000,000,000 | ---D | C] -- C:\Users\*****\shared [2012.11.17 23:29:20 | 000,000,000 | ---D | C] -- C:\Users\*****\VirtualBox VMs [2012.11.17 23:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.11.17 16:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.11.17 16:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.11.15 08:30:49 | 000,000,000 | ---D | C] -- C:\Windows\fomus [2012.11.15 08:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOMUS [2012.11.15 08:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOMUS [2012.11.15 08:04:56 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.15 08:04:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.15 08:00:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.15 08:00:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.15 08:00:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.15 08:00:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.15 08:00:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.15 08:00:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.15 08:00:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.15 08:00:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.15 07:59:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.15 07:59:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.15 07:59:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.15 07:59:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.15 07:59:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.15 07:59:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.15 07:59:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.15 00:45:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.15 00:45:59 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 00:45:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.15 00:45:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.14 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\MoreTerra [2012.11.14 09:47:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 09:47:13 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 09:47:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 09:47:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 09:47:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 09:47:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 09:47:09 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 09:47:09 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 09:47:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 09:46:31 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 09:46:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.11 23:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.11 21:30:48 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.11 21:30:48 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.11 20:58:13 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.11 20:55:03 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.11 20:55:02 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.11 19:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.09 12:09:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 12:09:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 12:01:14 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys [2012.12.08 19:27:05 | 001,795,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.08 19:27:05 | 000,762,184 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.08 19:27:05 | 000,717,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.08 19:27:05 | 000,172,538 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.08 19:27:05 | 000,145,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.08 15:03:34 | 000,294,944 | ---- | M] () -- C:\Users\*****\Desktop\bookmarks.html [2012.12.08 15:03:23 | 000,163,697 | ---- | M] () -- C:\Users\*****\Desktop\bookmarks-2012-12-08.json [2012.12.08 15:01:42 | 000,053,565 | ---- | M] () -- C:\Users\*****\Desktop\bookmarks_08.12.12.html [2012.12.05 11:52:12 | 000,313,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.28 18:33:31 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.11.28 18:33:31 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.11.28 18:33:31 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.11.28 18:33:31 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2012.11.25 13:05:47 | 000,002,418 | ---- | M] () -- C:\Users\*****\.lmmsrc.xml [2012.11.25 12:33:02 | 000,067,664 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.mscx [2012.11.25 12:22:58 | 000,001,718 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.mid [2012.11.25 12:18:18 | 000,067,631 | ---- | M] () -- C:\Users\*****\Desktop\.Unbenannt.mscx, [2012.11.25 11:44:52 | 000,005,231 | ---- | M] () -- C:\Users\*****\Desktop\OewSong.mscz [2012.11.23 16:27:44 | 000,004,872 | ---- | M] () -- C:\Users\*****\Fragile_Blossom.mscz [2012.11.17 23:27:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2012.11.17 01:16:37 | 000,001,263 | ---- | M] () -- C:\Users\*****\Desktop\GNU Solfege.lnk [2012.11.16 23:16:42 | 000,113,492 | ---- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2012.11.15 08:22:12 | 000,000,017 | ---- | M] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.08 15:03:33 | 000,294,944 | ---- | C] () -- C:\Users\*****\Desktop\bookmarks.html [2012.12.08 15:03:23 | 000,163,697 | ---- | C] () -- C:\Users\*****\Desktop\bookmarks-2012-12-08.json [2012.12.08 15:01:42 | 000,053,565 | ---- | C] () -- C:\Users\*****\Desktop\bookmarks_08.12.12.html [2012.12.05 11:51:57 | 000,313,256 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.25 12:22:58 | 000,001,718 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.mid [2012.11.25 11:51:32 | 000,067,664 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.mscx [2012.11.25 11:51:32 | 000,067,631 | ---- | C] () -- C:\Users\*****\Desktop\.Unbenannt.mscx, [2012.11.25 11:39:14 | 000,005,231 | ---- | C] () -- C:\Users\*****\Desktop\OewSong.mscz [2012.11.23 16:27:44 | 000,004,872 | ---- | C] () -- C:\Users\*****\Fragile_Blossom.mscz [2012.11.17 23:27:11 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2012.11.17 01:16:37 | 000,001,263 | ---- | C] () -- C:\Users\*****\Desktop\GNU Solfege.lnk [2012.11.16 23:16:42 | 000,113,492 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.11.15 08:22:12 | 000,000,017 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [2012.11.15 08:04:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 00:45:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.07.27 18:28:48 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ppa_service.exe [2012.07.27 18:28:48 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\ppa_service.dll [2012.07.27 18:28:48 | 000,000,750 | ---- | C] () -- C:\Windows\SysWow64\ppa_service.dat [2012.07.05 18:47:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.05.30 18:23:57 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.30 18:23:55 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc (1).exe [2012.05.30 18:23:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.30 17:09:51 | 000,002,418 | ---- | C] () -- C:\Users\*****\.lmmsrc.xml [2012.05.28 16:58:21 | 001,824,936 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.27 13:36:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.27 13:28:31 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.05.27 13:27:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.30 21:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.08.09 07:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.09 07:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.09 07:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.09 06:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.03.17 12:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.12.2012 00:11:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: ***** | Language: DE | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 3,56 Gb Available Physical Memory | 44,79% Memory free
15,90 Gb Paging File | 11,53 Gb Available in Paging File | 72,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682,98 Gb Total Space | 384,42 Gb Free Space | 56,29% Space Free | Partition Type: NTFS
Drive D: | 15,36 Gb Total Space | 1,62 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 177,68 Gb Free Space | 38,15% Space Free | Partition Type: NTFS
Computer Name: *****-HP | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06045455-6439-45BC-9D6C-C2A1EF48DBE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AF54124-ED29-465B-9F43-36FD27F9969B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D8BCD35-C02F-4F85-9447-3D3B922AF4F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8122E5F2-6923-487D-803E-ED78036996AB}" = rport=137 | protocol=17 | dir=out | app=system |
"{925B33E1-9E79-4AD3-8CB0-6AACBC63B935}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF06C952-2152-4F93-8240-981D642855C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF07723F-B615-4C8C-88E6-6F53A3486705}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8A47CAA-81EF-448A-A42B-38FD93F1EE4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7A94606-F782-4342-B711-C9DCEEC072AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1337CD7-7370-46E6-8B69-C70205067611}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFE20B8F-7D21-4C99-BBD8-BBE12496EA47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0CDF0E1-AF08-4DD1-B66F-C75FF8B38A45}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FD4D9C17-8D5A-4157-9397-8983A98F5C22}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF9DC254-FD3C-4B7C-8CBD-ABB5C553B80F}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015C7DE1-F148-453D-AF2E-E9EF9EAC98D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{059E5217-38D4-4D7C-973C-CC7983A8ABB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{06CA8EF3-DC8E-4DB8-AB10-2D7F78B1BF4D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{0CCAB957-9329-4395-A1B4-A6BA0D698FE8}" = protocol=6 | dir=in | app=c:\games\crossfire\cf_g4box.exe |
"{0D92F206-E861-4261-B0AD-CC6C9909DF75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{112C7C2E-3E62-4E64-BE56-3623B3A754D4}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1374A5EC-44E6-4E0A-A037-827F9778E3FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{14B20748-AE77-4352-BC1E-C4605B28877A}" = protocol=6 | dir=in | app=c:\program files (x86)\national guard\guard shield\prism.exe |
"{16069B81-7681-46BE-ACDE-DC046FBB50D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{16A4FBFB-D9A8-477A-981C-F8C4700F077E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{17CBDFE5-D8E1-4C7A-B560-42E4226D43AC}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1D92F5E3-A0FE-4139-8CA6-64F2146E2558}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{1F9F9146-F0D3-4EDE-A68B-680A40EFA138}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{207A4893-FED9-4F63-B03B-A4C77AE06C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{2211ADDD-150E-473E-A148-599B3467A3D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base 2007\hl2.exe |
"{2355BC12-2BCC-4E45-9D1C-3BAE3208FBD0}" = protocol=17 | dir=in | app=c:\games\xonotic\xonotic-x64.exe |
"{269E7799-7EB1-4A11-BC71-E47ADBA34831}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{30CF275E-8FFF-4F53-9DA9-F9D9722016D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{357CAA22-2A41-407A-9DF3-CAE97ABEAE18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{35C7C784-E7FE-483A-BAEA-697E6EF48747}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3948B197-DF03-4EE1-8F17-98AEB01BC241}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AE44E47-6DD6-4DA1-AAB0-ACD7A2B8ABB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{3D791806-A4F2-4A07-9343-DCCE815C5C02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{4ABDD5C5-BDEE-480C-8212-CF1BBE8AA38F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base 2007\hl2.exe |
"{4DF31977-ED5A-405A-B8DB-6CB9D1CB8018}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F605C9F-BF68-449C-BEE1-3D03ADC269F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{505D7903-00D1-4FC5-BC64-68CA2C511434}" = protocol=17 | dir=in | app=c:\games\nightmare house 2\hl2.exe |
"{506C2841-C2D1-4D20-A90E-F67E309D5C62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{523A16C5-C6BA-4E90-93BD-7D79E88B8ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{5535EC74-913B-451D-A09D-D148540BB070}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{55DDA4A0-7F11-4EEE-B71F-E81905DFA4EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{57907C2A-52F0-4455-8F37-26EE584DE785}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{58FE87DD-D317-403A-B305-624E1F46D655}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{59ABA9DA-EB13-4068-9735-BF8C75709E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{5A1890E0-4B96-453F-81C7-ADD7E27477CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C3EE307-CBC7-4487-AF78-B3F93AD0F107}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{5FFECAE9-4815-40ED-AEE0-16E11B90BC7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{66267216-AFAE-4867-8076-5FA0F7D4B93C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{731917A5-86BE-46BF-9FAE-83AE0AFE9A31}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{73E93EDD-C946-4EC4-8736-0EB65700F1A1}" = protocol=6 | dir=in | app=c:\games\xonotic\xonotic-x64.exe |
"{789A3061-7813-4F70-8E4D-16A6BACB47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{7D2B0438-9994-45F4-A051-18A10ED32753}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7D9DD35F-BACA-4640-89D2-D090E881BEE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{80F1E674-B00A-49BA-AE99-649D11BA6868}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{85FF6FF9-1FC1-4A77-9F05-7264CC9FF26C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base 2007\hl2.exe |
"{86F3DF1E-A5A1-4894-90AE-29FE612AECF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{8AE2A14A-CDFF-4EF3-B888-A99E1B2EFBCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{8C72804F-29DA-45F7-A392-E256B6CA815E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{91768999-7095-4E46-BA50-3A1428C5878E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{918B84EA-9167-4D80-8B66-6060061FFABE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{93BA7A8A-8A5A-434B-B0B0-2F33F839C101}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{93FD4B8E-09F5-462E-909C-6134FBFCAA66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{9B22B830-135F-41C0-A748-B1C01AF71056}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{9C892C5D-2B38-4B9E-B04F-7F784D4B7481}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9FE2A01A-72A9-445C-A259-EEE6F6815C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{A1ED6253-B50B-45E0-B123-C69A9F38D9D7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A34EE2FE-13EB-4869-9A16-71DB26BAA51F}" = protocol=6 | dir=in | app=c:\users\*****\downloads\tor browser\app\tor.exe |
"{A39BBFD7-3CEB-484B-82FE-CE46A1ACDDE6}" = protocol=6 | dir=in | app=c:\games\nightmare house 2\hl2.exe |
"{A3EA1257-1278-41C2-B509-19ACD8F0B7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\national guard\guard shield\prism.exe |
"{A425BF66-BE0C-4946-BCD3-A3F1EFD8783A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{A5BFA90C-6669-4148-B518-EC37A8B21CBC}" = protocol=17 | dir=in | app=c:\games\crossfire\cf_g4box.exe |
"{A65BA528-F28C-4B98-BC95-71BFC27B4EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{AAD45331-75FE-4BE3-BB7A-BE7DDBC3402F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{AB4E001A-8237-4BC0-9FCA-05E4E23FC090}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0351117-C71E-4AED-B8B2-FCB7901C63F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{B0FC2BB8-CEB5-4258-94F3-41D4484C9742}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{B256F530-B091-484B-BF6C-E92BBC26764C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{B356A55C-7B75-475A-811F-E5938F3F13AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{B496C53D-793C-4CD6-9CE7-661EC09A13A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B9E527D9-AE3C-4845-AD5C-6B8F7075F67F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{C0EC5A92-D75D-49E6-8478-9EA9BC7E08A1}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{C1F3786C-CFDF-4081-8494-83DA68FE98B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{C6D61FE0-DF45-42E7-9C39-7BA6C925FE8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{C9826A46-28B6-425B-955A-2ACA34116BDA}" = protocol=17 | dir=in | app=c:\users\*****\downloads\tor browser\app\tor.exe |
"{CACEB972-4660-4407-87E3-AE94CF4B063C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{CC3F73A2-6DC3-463C-928B-78A056106964}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base 2007\hl2.exe |
"{D4354B6E-1DC2-433E-8D6E-676F52F02FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{E0AF9CA1-088C-4D39-BE68-FECA8AA7201C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E343B27C-6EF4-4CC1-8B34-0EC1968AD81E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{EA3CD729-7E96-479D-B1BC-A8A6D86D4D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{ED7B1E12-CDD3-4868-A9B5-D8EE5F9A5489}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{EF2D38B2-416C-48DB-BB4F-D86813A4E688}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3883CA3-B174-4F83-9DF0-A142AA722351}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{F8FA7D28-E995-405C-BEF1-F3ED039D8244}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{FDC16F2B-5AF2-4E03-A753-8AA28558E615}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"TCP Query User{51EDEA88-A26C-40C6-9A80-1FECEF69DAA5}C:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"TCP Query User{64EA19F7-3E0F-4E35-93B1-8C9C7340A65E}C:\users\*****\downloads\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\tor browser\app\tor.exe |
"TCP Query User{67670ED8-B503-414D-B40A-89A3468EF46F}C:\games\xonotic\xonotic-x64.exe" = protocol=6 | dir=in | app=c:\games\xonotic\xonotic-x64.exe |
"TCP Query User{8B42AF2C-722C-46C2-B3B2-98730D383B49}C:\program files (x86)\steam\steamapps\temrix443\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base\hl2.exe |
"TCP Query User{8F65149A-314F-4540-9F3A-50FF15EBB3B1}C:\games\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\games\nexuiz\nexuiz.exe |
"TCP Query User{912336E4-F163-4F2F-8AF7-7A57EF224003}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"TCP Query User{94321F4E-7AC5-4958-92A0-37A7FB4DBC6D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{953DAB61-1AD2-4461-903E-687ACF7E8CBA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{99135E75-2CAD-4E3B-A761-6799336DDABD}C:\games\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\games\openarena-0.8.1\openarena.exe |
"TCP Query User{AB48E917-8586-498F-9A61-78A75A1D6178}C:\games\nightmare house 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\nightmare house 2\hl2.exe |
"TCP Query User{CF45FD96-66FA-4F69-BA27-E83C435926FB}C:\program files (x86)\supercollider-3.5.4\sclang.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider-3.5.4\sclang.exe |
"UDP Query User{1280C84D-0BC6-408E-96CA-34220CEAC700}C:\games\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\games\nexuiz\nexuiz.exe |
"UDP Query User{33501019-3F83-4E51-8654-A0A4D4A1F895}C:\games\xonotic\xonotic-x64.exe" = protocol=17 | dir=in | app=c:\games\xonotic\xonotic-x64.exe |
"UDP Query User{35496D5F-7533-4659-BF42-387C451022B8}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{388B14AE-59E2-4ADD-9B15-AD5A8E9D9CD8}C:\users\*****\downloads\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\tor browser\app\tor.exe |
"UDP Query User{5D0BC07D-B6D3-413F-A83D-AE9F91387B2D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{90E732C2-0E41-45E8-8D12-8D42D160B5A7}C:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"UDP Query User{97D9149A-634B-4260-9E8B-D0A8926ED07D}C:\games\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\games\openarena-0.8.1\openarena.exe |
"UDP Query User{BEE2D61A-ACE4-40C4-94CA-ADE5B698D463}C:\games\nightmare house 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\nightmare house 2\hl2.exe |
"UDP Query User{C01AFE9A-1E71-4BE9-91FF-9D973293BAFD}C:\program files (x86)\steam\steamapps\temrix443\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\temrix443\source sdk base\hl2.exe |
"UDP Query User{C35898DA-6A21-4B3C-9D45-E47D9AC0E167}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{F620CDC4-88CA-4C37-8C80-2063F5EB7C9A}C:\program files (x86)\supercollider-3.5.4\sclang.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider-3.5.4\sclang.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{18369253-E53F-4A47-818E-082DFB950872}" = Yamaha USB-MIDI Driver
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2BBE23DB-F92C-4319-9179-7E79717EE9AC}" = Native Instruments Komplete 8 Players
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76785052-9E6A-4403-B06A-929B6BF9D742}" = HP 3D DriveGuard
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{8812511F-8D8C-49D3-A711-C9650B2F5566}" = Native Instruments Guitar Rig Factory Selection for Maschine
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E7D0A7F-B85F-44DC-8C1C-2A2C27BAEA0B}_is1" = Psycle 1.10.0 64 bits
"{904FBA88-9E59-423f-B1C7-E03C9B1AA2EE}" = Canon MP800R
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"LatencyMon_is1" = LatencyMon 4.01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3FCC59-5231-4634-882C-BF8B511392C5}" = calibre
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56B8673F-EC44-4891-9FB7-332EA0189BAB}" = FOMUS
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}" = LibreOffice 3.6
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{C77157BC-EC21-422F-8901-64B3D34ED67D}" = LibreOffice 3.6 Help Pack (German)
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Areca" = Areca
"Audacity_is1" = Audacity 2.0
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Desura" = Desura
"Desura_78915729096720" = Desura: G String
"Digital Fake Book_is1" = Digital Fake Book Version 1.9.7
"DreamStation I" = DreamStation I
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031
"GeoGebra" = GeoGebra
"GeoGebra 4.2" = GeoGebra 4.2
"GNU Solfege_is1" = GNU Solfege 3.20.6.1
"Grey" = Grey 1.1.0
"InstallShield_{18369253-E53F-4A47-818E-082DFB950872}" = Yamaha USB-MIDI Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm 1.5.4.27091
"LinuxLive USB Creator" = LinuxLive USB Creator
"lmms" = LMMS 0.4.13
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.1" = Canon MP Navigator 2.1
"Mp3tag" = Mp3tag v2.53
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Factory Selection for Maschine" = Native Instruments Guitar Rig Factory Selection for Maschine
"Native Instruments Komplete 8 Players" = Native Instruments Komplete 8 Players
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"OpenAL" = OpenAL
"Origin" = Origin
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Steam App 218" = Source SDK Base 2007
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WirisDesktop" = WIRIS Desktop
"ZynAddSubFX" = ZynAddSubFX 2.2.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3390718732-3328125451-2647672254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.11.2012 15:35:45 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12995
Error - 29.11.2012 15:35:45 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12995
Error - 29.11.2012 15:35:46 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 29.11.2012 15:35:46 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13993
Error - 29.11.2012 15:35:46 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13993
Error - 29.11.2012 15:35:47 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 29.11.2012 15:35:47 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14992
Error - 29.11.2012 15:35:47 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14992
Error - 29.11.2012 15:35:48 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 29.11.2012 15:35:48 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15990
Error - 29.11.2012 15:35:48 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15990
Error - 29.11.2012 15:35:49 | Computer Name = *****-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ HP Connection Manager Events ]
Error - 27.05.2012 09:00:32 | Computer Name = *****-HP | Source = hpCMSrv | ID = 5
Description = 2012/05/27 15:00:32.101|00001470|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 27.05.2012 09:34:35 | Computer Name = *****-HP | Source = hpCMSrv | ID = 5
Description = 2012/05/27 15:34:35.341|000015C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ System Events ]
Error - 25.10.2012 06:36:14 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 25.10.2012 06:51:12 | Computer Name = *****-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.10.2012 06:03:04 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 26.10.2012 19:28:00 | Computer Name = *****-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 27.10.2012 04:38:14 | Computer Name = *****-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?10.?2012 um 01:32:37 unerwartet heruntergefahren.
Error - 27.10.2012 04:40:41 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 27.10.2012 08:54:32 | Computer Name = *****-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 27.10.2012 09:03:21 | Computer Name = *****-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 28.10.2012 06:07:59 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 29.10.2012 08:21:37 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
< End of report >
|
|
13.12.2012, 18:23
| #4 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
13.12.2012, 21:53
| #5 |
| | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigtCode:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.13.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]
13.12.2012 21:51:11
mbar-log-2012-12-13 (21-51-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31962
Time elapsed: 11 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
15.12.2012, 15:34
| #6 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Was zeigt der Taskmanager an? Sortiere mal nach CPU Nutzung und mache ein Screensot.
__________________ --> Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt |
|
22.12.2012, 20:36
| #7 |
| | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Die CPU-Last ist in der Zwischenzeit kein einziges Mal im Leerlauf merklich gestiegen. Vorher war fast immer nach längerem Betrieb ein Pendeln zwischen 15% bis 30%. |
|
23.12.2012, 09:20
| #8 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
danach ESET Online Scanner Vorbereitung
|
|
23.12.2012, 10:18
| #9 |
| | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigtCode:
ATTFilter # AdwCleaner v2.101 - Datei am 23/12/2012 um 10:13:37 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\4nrb117h.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v22.0.1229.79
Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [914 octets] - [23/12/2012 10:13:37]
########## EOF - C:\AdwCleaner[S1].txt - [973 octets] ##########
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=00ad87537c6acf4fa568e84c51a2e866
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-23 09:26:07
# local_time=2012-12-23 10:26:07 (+0100, Mitteleuropäische Zeit)
# country="*****"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3590 16777213 100 87 2484982 175272953 0 0
# compatibility_mode=5893 16776574 100 94 5672882 107884617 0 0
# scanned=247
# found=0
# cleaned=0
# scan_time=14
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=00ad87537c6acf4fa568e84c51a2e866
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-23 05:26:57
# local_time=2012-12-23 06:26:57 (+0100, Mitteleuropäische Zeit)
# country="*****"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3590 16777213 100 87 2513832 175301803 0 0
# compatibility_mode=5893 16776574 100 94 5701732 107913467 0 0
# scanned=530498
# found=0
# cleaned=0
# scan_time=28520
|
|
26.12.2012, 12:55
| #10 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
12.02.2013, 16:44
| #11 |
| | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Chrome 24.0.1312.57 ist aktuell Flash (11,5,31,137) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader ist nicht installiert oder aktiviert. |
|
13.02.2013, 15:01
| #12 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Sehr gut!  damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
13.04.2013, 18:59
| #13 |
| /// Helfer-Team | Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Verdacht auf Schadsoftware - erhöhte CPU-Nutzung, Strg von selbst betätigt |
| cpu auslastung hoch, einfach, formatiere, formatieren, heute, infizierte, infizierten, kurze, laptop, leerlauf, neustart, reichen, schadsoftware, strg, tastenkombination, verdacht, verdacht auf trojaner, von selbst |
Linear-Darstellung
