
Log analysis and evaluation: PC has become slower ... here are a few logs


14.06.2013, 14:39   #1
SyQun
 
PC has become slower ... here are a few logs



My problem is that the computer's performance has gotten worse (especially the Internet connection). For that reason I googled a bit and came across this forum.
A user here had already helped another user with a few tips. I went through those myself, and now I wanted to send you the logs.


ADWCleaner:

Code:
# AdwCleaner v2.303 - Datei am 14/06/2013 um 15:14:02 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IB Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\5368c8dbc6db845
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5528 octets] - [14/06/2013 15:14:02]

########## EOF - C:\AdwCleaner[S1].txt - [5588 octets] ##########
         
OTL:

Code:
OTL logfile created on: 14.06.2013 15:16:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,34% Memory free
15,92 Gb Paging File | 14,17 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 285,31 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.14 15:16:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe
PRC - [2013.05.24 16:58:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:53:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.25 17:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.25 17:13:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.21 02:31:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.24 16:58:48 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.10.22 10:44:04 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.24 16:58:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.18 11:33:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 14:48:24 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.25 17:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.25 17:13:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.02.21 02:31:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.17 12:39:34 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.25 17:13:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.25 17:13:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.25 17:13:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.06 23:27:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.18 19:02:15 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.12.18 19:02:06 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2012.12.18 19:02:06 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2012.12.17 12:39:26 | 000,160,784 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.10.22 12:09:58 | 002,206,864 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.20 18:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.31 14:55:52 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.06 11:29:18 | 000,025,680 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ntcdrdrv.sys -- (ntcdrdrv)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.16 19:24:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013.01.16 19:21:14 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013.01.16 19:20:59 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.findrsearch.com
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 BA DF 99 00 F4 CD 01  [binary data]
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://pbe.leagueoflegends.com/en/signup/index"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "152.26.53.5"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.29 21:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.05.24 17:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\Profiles\cgeix5sb.default\extensions
[2013.05.09 23:31:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\cgeix5sb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 16:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 16:58:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-845884965-989321068-2959287550-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E9463ED-1D67-40CF-8288-F6F2A0413F2E}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC56843F-9FEE-409C-BE97-6FBC9D6E006E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.14 15:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.14 15:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.14 15:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.10 16:18:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.10 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2013.06.10 14:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
[2013.06.04 07:23:45 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2013.05.24 16:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.05.17 14:01:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PDAppFlex
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.14 15:19:12 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 15:19:12 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 15:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 15:15:08 | 2117,787,647 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 15:10:07 | 000,648,201 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2013.06.14 15:09:54 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.14 14:42:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.14 14:42:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.14 14:42:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.14 14:42:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.14 14:42:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 14:35:29 | 000,038,331 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.06.12 23:42:00 | 000,000,222 | ---- | M] () -- C:\Users\*****\Desktop\Marvel Heroes.url
[2013.06.10 16:29:13 | 000,001,360 | ---- | M] () -- C:\Users\*****\Desktop\kaiba_pc.lnk
[2013.06.10 16:29:08 | 000,001,346 | ---- | M] () -- C:\Users\*****\Desktop\joey_pc.lnk
[2013.06.10 16:10:54 | 000,001,346 | ---- | M] () -- C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk
[2013.06.06 14:43:34 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.05.19 10:04:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.18 12:53:32 | 002,183,120 | ---- | M] () -- C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav
[2013.05.16 14:09:26 | 000,000,903 | ---- | M] () -- C:\Users\*****\Desktop\ePSXe.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.14 15:10:06 | 000,648,201 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2013.06.14 15:09:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.14 15:09:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.14 14:35:29 | 000,038,331 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.06.12 23:42:00 | 000,000,222 | ---- | C] () -- C:\Users\*****\Desktop\Marvel Heroes.url
[2013.06.10 16:29:13 | 000,001,360 | ---- | C] () -- C:\Users\*****\Desktop\kaiba_pc.lnk
[2013.06.10 16:29:08 | 000,001,346 | ---- | C] () -- C:\Users\*****\Desktop\joey_pc.lnk
[2013.06.10 16:10:54 | 000,001,346 | ---- | C] () -- C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk
[2013.05.18 12:53:19 | 002,183,120 | ---- | C] () -- C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav
[2013.05.16 14:09:26 | 000,000,903 | ---- | C] () -- C:\Users\*****\Desktop\ePSXe.lnk
[2013.05.06 02:21:10 | 000,000,052 | ---- | C] () -- C:\Users\*****\.gtk-bookmarks
[2013.05.06 01:19:03 | 000,000,059 | ---- | C] () -- C:\Users\*****\.goutputstream-FHEUWW
[2013.04.19 16:10:35 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.03.30 07:07:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.03.30 07:07:23 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.03.30 07:07:23 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.03.30 07:07:22 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.29 11:52:38 | 000,001,490 | ---- | C] () -- C:\Users\*****\AppData\Local\RecConfig.xml
[2013.03.07 00:55:31 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.06 15:40:02 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.03.06 14:25:00 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.03.06 14:25:00 | 000,003,436 | ---- | C] () -- C:\Windows\unins000.dat
[2013.03.03 20:05:03 | 000,002,207 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.03.03 18:51:22 | 000,005,298 | ---- | C] () -- C:\Windows\Cmudau.ini
[2013.01.18 15:13:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.18 15:13:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.18 15:06:05 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.16 19:21:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.01.16 19:07:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.01.16 18:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.27 22:32:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2013.06.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2013.05.10 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\avidemux
[2013.06.13 19:26:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Awesomium
[2013.04.02 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Boilsoft
[2013.01.26 01:07:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2013.04.06 07:11:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.21 11:16:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2013.03.24 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org
[2013.02.21 02:22:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2013.02.01 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GoforFiles
[2013.03.23 02:04:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit
[2013.01.17 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient
[2013.02.15 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Minecraft Version Changer
[2013.03.30 06:51:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mkvtoolnix
[2013.01.17 18:06:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2013.05.17 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PDAppFlex
[2013.03.08 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2013.03.23 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2013.03.30 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony Creative Software Inc
[2013.05.17 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.04.27 22:21:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2013.02.25 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TechSmith
[2013.06.14 14:27:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2013.06.13 19:23:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tunngle
[2013.03.26 06:40:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Waterfox Limited
[2013.04.02 08:33:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:

Code:
OTL Extras logfile created on: 14.06.2013 15:16:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,34% Memory free
15,92 Gb Paging File | 14,17 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 285,31 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F56290-4EC3-40D9-93BA-C280A9D247B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1A72BFD9-4C5B-4E86-BA16-DE1234BC2B0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{26F7ED5C-BB1D-46DF-988D-ECB6A436A661}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2B65B5C3-8E65-48A1-80C7-9BE499531AEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30A5B462-083A-450E-B332-B70C232BF586}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BB963CB-3429-44E3-861F-80DDAF0B5250}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{462F2EAF-DB69-4FE0-BECC-DB702F41FC4E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{4C691E83-6905-48D1-B37D-D27645545975}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F06B8E1-EE0A-4722-B6E1-EBEB6BDB81B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{66D9B915-C64B-41E4-BE98-96B60FB96558}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7AD555E2-5C59-4C56-8ABA-F8CAB1747F70}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7BBB47DA-D96F-4C6F-B041-325228589663}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7CDAC754-C9F7-4F56-9D8C-FC18B70045AE}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{82EBA9A3-405A-487C-B245-7ED076FEA822}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8E5FB420-C42D-40A9-8E99-50DC41EA376C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F8B8115-F052-4594-9C50-D65E9DD9D985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95A076B2-4C36-422B-8CAA-22EEAEB1E2E2}" = lport=25565 | protocol=6 | dir=in | name=minecraft server | 
"{9EDC7A32-A24E-474E-A075-E7C8FC295EED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2D89F2F-28D8-44B8-B6D3-CBE7D149C157}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC1A1133-93F1-4B86-9561-98128425FC42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDEAD212-322B-48B6-8911-7A7F7A12A833}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{BF470EAF-47D5-4F61-A5AF-EAF36E792F53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BFAEF716-FE6D-4AE7-8C92-DF35003B6CDB}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{C0F0C18D-1C24-49B0-9E4C-121CDE59AFA3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D65372D8-0F9C-47BB-B551-3F2B162052E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DA3D8CBC-9126-452F-A547-BAEF04BA8150}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E248D609-8CD9-479F-A473-2C93A39EFC13}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{EC851E21-B4B1-413C-849A-CCE810C83B92}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{F2590235-FF58-4332-A16C-90F45174C58A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FEA0349E-E955-47EE-9320-3AB9C752C89E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FF4CDBA2-8203-4CAA-B441-D17052C42C2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00516915-24E2-410E-ADE9-C8524F611E48}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{02A6C9A3-91B7-4257-AFE4-3642FDFF87C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{046E5F09-E2B2-4025-A90C-4B4BE3A1FAA5}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{05858180-A137-4365-A9A5-3612B9E50B28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | 
"{0771334B-34FE-4625-867A-6496BA38DC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{07CE5330-0234-4889-8CAF-AB932832587A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{08900913-4186-4155-BD1D-3285CC46EAD0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{0898BD49-EB38-4A59-AAFD-C8500B01C1A9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0C4C2B55-C2C0-4D6F-A0B5-8BB48742CF47}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0D185F8D-C403-4688-8AD9-DB2BC1770936}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{0D4BE042-181F-4342-A208-70596B1F716E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0F071063-5EB6-4966-9DC0-AF8411432504}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{11136AC3-18D2-484A-9A8F-D2B2C2E8AA13}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 3\deadspace3.exe | 
"{133EA1B2-8EC9-4D90-BFA0-9AA9056BFDF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14618850-B2B9-41C9-BBBA-4293B67CBD09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{16730E1E-AF79-40CE-A91A-A91C6788EB55}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{173E0028-4ED9-48FC-8F61-431866D9E50A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{18C3CC80-E98A-4961-B68C-BE7961A25DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1EE91103-272A-4B6C-8C36-8EB019673293}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{2139E31C-89CD-4075-BD33-267730FC384E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{23B16B63-77E0-41F6-AFA3-FB7FCD7FE628}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{24EC2133-FDCB-4CEE-BB65-4D659F94CDF3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{25FBE8F8-EBDA-4154-B37B-C67C6E1E09EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{27F358F9-F7E4-4F39-9C99-E45F1BBE02F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2962F9FF-72D6-4A24-BADB-5087288D901E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2A754D67-7F7C-418C-8F74-79A53D1E2C9B}" = protocol=6 | dir=out | app=system | 
"{2C7B7370-45BD-48DA-AC79-519F1409CDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{2D11477F-D18E-4A13-B5B6-81D295EE0E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{30B9CCCA-F3FD-42EE-ABAA-D2FC06307520}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{33CA4455-D159-4227-8096-CF06D68D16BD}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{3941E53C-D8D5-4FCA-A272-37CE1EC3CCCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{39F5831B-BB71-4F11-A502-20F1937C16FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe | 
"{3B48066B-30AC-496B-9726-EB6995ED3CE7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{3BFAC11B-4D88-4ABC-8DEC-D39FECCE8D7C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3D91747D-C383-4F7A-B766-9B6A3B504F12}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{3F369A79-BD82-44E4-8DF6-7B4F6D5D636F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FC1FCC5-BE75-4033-8DA2-3D31C8C78155}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{42FF0ECA-BDD4-4156-A28B-74991FC4A5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{436F7425-8856-475A-82F3-64D3EC3EB168}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{43D8A3D1-153A-4678-8C44-ED8064D98E53}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{44824B33-D1FC-4605-982F-DD5AB72E3989}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{452EFA12-DF9D-472A-9489-B4D6D1B94AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{48AFF614-402F-42A2-AE9D-464A5942331B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AA890C6-1459-4C56-A5BF-02956BEC7A82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4B8002C6-7FC4-4E67-A5D0-1BA020C3F85F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4BA3E87B-EB7E-4A13-9033-C72B2E214FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{4CF62D67-CC28-4C38-A350-E0A7791CE4F0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{4E4A11C5-28A4-428B-8992-16CBA76AF201}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5492C4F9-B703-432B-A1B3-F01D0B56E77E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5AC7A6D1-7B80-44E0-85C6-85CA825E47FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{5D132145-9936-4431-9798-A4D61F0842E9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{5DB51735-1987-4ACF-BB14-23A912CFAC03}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe | 
"{65D5A4D8-7280-4D97-AA3D-048CCF7F9475}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{66124D16-D65F-4E93-9433-55A8EC0677F9}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"{68307A9D-E3FB-40F1-B34B-1ECD9D8E956D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6935C97C-891D-460C-AA78-23ED5F58A8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 3\deadspace3.exe | 
"{6B9A2724-C702-4E07-A639-E25BDAD69A9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6D7C9FF7-9D37-4C06-B9DD-C243C7319C44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{6EB0B53C-2C6C-4F44-BBC7-62852AF0ECD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{71E04E78-74DF-4218-9B99-8AB424E3D6C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7252D71A-C04C-4F9A-8F7C-916EBDE622EA}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{726ADEBD-BDEF-47A0-80AD-4B4A94C67BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{74D80ABC-A014-4A96-9148-212F27D70167}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{74DD9C23-59BF-4642-AAC4-C79D0DD88961}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7BE29959-1878-46DF-94AD-C114215C0380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{80B3EE65-003E-4D04-90A0-892E8AD8E942}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{81325630-3A4E-4851-81B0-40E5F871C1A4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{853A44A6-4058-4890-9230-6FDAF56165EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{87F9ADE8-92DC-45FC-AB64-CE3C2BEF53DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{8B10C662-A11E-4394-8A13-C32A599116DF}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"{8EC11256-7936-45B5-B643-AFAB5BAB04CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{8FF7FEF6-1084-4DDC-9F57-DCE9E10763B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91D3FF45-907C-4291-9F54-DF213D9B29FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | 
"{91FC92F1-A3B4-4947-8E39-B1F7EBC6D28C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{92E96CC0-1DB1-4809-B559-B4D5668D0D46}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{981CB0ED-0018-48C3-BF00-B7F85179CE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{9BE1422A-7B74-4172-AF86-EE34E4D4BB19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{9E9277B1-344A-4C3F-B721-0E34825F7C54}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{A0B66F93-9984-4E7C-B392-40F1B208F019}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{A0CB7C81-EE3D-4A84-BEF5-5200B88AF58B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{A25E2A26-72AA-46C9-96E8-A879F975D36A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A2873088-9936-4F05-AAE4-FBC0BDD2031E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{A348C0D2-0C45-4E85-A936-8AF895D8EA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{AAEBA4D9-5B01-404F-9462-84E039D3B91B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{ADF41889-9F05-4BBE-8A24-651CB7E8440D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{B34586DA-0A60-4EE8-BCDE-2E10E25FD040}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{B471647E-06EF-454B-A4BC-F1ABE5D7197F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BD1D69FF-5176-443B-86CA-9817FE281D3D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C1BFFB5D-6ED4-4B14-B64B-8BC7641D9B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C457F4DC-FAA8-46AD-8E60-7E5DF1EDB65C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe | 
"{C4C3B9B4-8432-4F3E-BAF9-A7B624161338}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{CD7BE536-AAE0-4D9C-A0CA-37F0428CEE68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF794E08-B45B-45EF-9B72-D14F7333AA40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{D31743A5-52F9-45ED-988B-84F90E7B2357}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D62945F0-9523-43CD-BFE2-A2E6DC90D962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7ED3652-920A-46BB-9BD8-5A5DE4BBB161}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{D8AA26C6-5005-43AF-8793-EE39F2D3A87F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{D9662943-A50D-4A75-8649-E827BB0AA83D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{D9F43C3C-4DF9-42CB-A6C3-62FBCA4787BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{DC1604FF-9C13-4FFC-AFF7-8B0541A35227}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DD5BA3BF-AC54-4DFA-82EF-C48490B34AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{DDB3CBE7-0112-435A-9F73-F1C3FF574D40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{DDED050D-F3DF-4127-93D7-69A19297DBFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E10D9F0F-A6EB-45C4-9A63-3C42AA25BEB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E2010418-A7FC-4624-AC2E-5D036C045BA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{E760BF1E-103C-4F62-881A-DD46266C8812}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{E7F09D40-B1AB-41BD-BAE4-73808DFD130A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{E8B7AA8A-D03B-4CF5-B932-5147C3BC08CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{E95E3179-9BEF-4B29-949B-140FA4538EEA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{EFB2F8A4-58A2-464D-819A-848E31108819}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EFB33C12-B733-4FCE-A368-77BAC7D6C852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F227A393-2FF6-47EE-A51E-1976865BE004}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{F3A4F93F-1EA6-41E5-BCC7-F36C787ACF13}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{F743A647-1CC2-4D77-ABD9-D006F687E830}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{F8CEC0EB-D7C9-4C44-AC52-D6F79BD3447A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FDDAE7E8-CCB4-44D7-A67C-73F142CC00EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{FED5E058-E51A-4F2D-B843-750652DA8759}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{303DA8B1-7C95-4024-977D-7E248C498D2C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{362DAA8E-B83B-4DA9-B3DF-43B095674FC5}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe | 
"TCP Query User{3C4C7C9C-20B4-415D-B596-3B0822345E41}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{5BC68D7D-BA5A-4F6B-A484-5FB85AC01E82}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe | 
"TCP Query User{71B7C81F-99D4-4BB4-AC11-2951D153E529}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{B980F301-AEB9-4F8E-8037-66E7F76E6D3A}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{BE728ADB-1ABC-4EA1-B9B7-9F00FD9C0C4C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{CD7FD80A-4F9C-496E-867D-51D3DB77F620}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{D7C6A3CE-C760-4312-8736-81CACFC65FF3}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{F01DDF02-9279-44DA-AD7A-C9CC8A9E9EB4}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"TCP Query User{F065294F-DC58-4F23-BFDE-1621E391E8D4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{0FB0B5A1-207B-41B4-BC12-6461928E591C}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{177DF58B-F762-4B2C-9A6C-DCA6E373B118}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe | 
"UDP Query User{26F073EC-87C2-44F1-8FB8-83490BDF8419}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{5B1833E9-A0D0-46EE-8F84-567D0FF1D8B0}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{AD7BEA3F-E730-472B-B1D3-F1067DB0C828}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{D323A88F-B54E-4E97-9133-84F50E61B354}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"UDP Query User{D90D46C3-3610-430F-A3DA-9E6E42E9DE74}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{DADBFF4E-8C11-40EF-94A1-49E87D88692B}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{E27B3AE8-F5D7-4EAC-9154-D6F33DEFE1CC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{F178F074-2871-4CEF-93C4-6228D387E314}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe | 
"UDP Query User{FD3FAF36-23C8-413D-9C31-139BD25602A2}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}" = AMD Catalyst Install Manager
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{E74DBCA2-F0BC-929D-0504-87E97079EB4A}" = AMD Drag and Drop Transcoding
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.15.4
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{385C8E5A-0B4F-4DCD-BBBD-2A8AE0400A76}" = TP-LINK Wireless Client Utility
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C6B0FBD0-067F-5ED3-B4C1-BC61284A1079}" = Catalyst Control Center InstallProxy
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EB99ED57-FF42-4272-8EDA-E367DFF29596}" = Audials
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aliens: Colonial Marines_is1" = Aliens: Colonial Marines
"APOFIG GUI_is1" = APOFIG GUI by enable v1.00 [01 July 2010]
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BioShock Infinite_is1" = BioShock Infinite
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory 2.0.104
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Generic USB Sound" = Speed Link
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MKVToolNix" = MKVToolNix 6.1.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1" = Dead Island Riptide (c) Deep Silver version 1
"StarCraft II" = StarCraft II
"Steam App 109400" = MicroVolts
"Steam App 202352" = Steam Trading Card Beta Access
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 226320" = Marvel Heroes
"Steam App 230410" = Warframe
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 630" = Alien Swarm
"Steam App 6370" = Bloodline Champions
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack
"Tomb Raider_is1" = Tomb Raider
"Tunngle beta_is1" = Tunngle beta
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uplay" = Uplay
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2013 12:46:30 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm INSTALL.EXE, Version 9.0.0.76 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c5c    Startzeit: 
01ce6530c41983e9    Endzeit: 4    Anwendungspfad: C:\Users\*****\Downloads\Jdownloader\INSTALL.EXE

Berichts-ID:
 2159ecc1-d124-11e2-8a85-902b349a1177  
 
Error - 09.06.2013 12:47:18 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000024c2  ID des fehlerhaften Prozesses:
 0xfd4  Startzeit der fehlerhaften Anwendung: 0x01ce653101061c48  Pfad der fehlerhaften
 Anwendung: C:\Users\*****\AppData\Local\Temp\Rar$EXa0.717\joey_pc.exe  Pfad des fehlerhaften
 Moduls: C:\Users\*****\AppData\Local\Temp\Rar$EXa0.717\joey_pc.exe  Berichtskennung:
 3ec7026d-d124-11e2-8a85-902b349a1177
 
Error - 09.06.2013 12:47:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000024c2  ID des fehlerhaften Prozesses:
 0x13ac  Startzeit der fehlerhaften Anwendung: 0x01ce65310c70f234  Pfad der fehlerhaften
 Anwendung: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe  Pfad des fehlerhaften
 Moduls: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe  Berichtskennung: 4a2ccf36-d124-11e2-8a85-902b349a1177
 
Error - 09.06.2013 12:47:50 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000024c2  ID des fehlerhaften Prozesses:
 0x11c8  Startzeit der fehlerhaften Anwendung: 0x01ce653113f4461d  Pfad der fehlerhaften
 Anwendung: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe  Pfad des fehlerhaften
 Moduls: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe  Berichtskennung: 51b13494-d124-11e2-8a85-902b349a1177
 
Error - 09.06.2013 14:45:27 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm WORDPAD.EXE, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 154    Startzeit: 01ce65417c1dd3f1    Endzeit: 6    Anwendungspfad: C:\Program
 Files\Windows NT\Accessories\WORDPAD.EXE    Berichts-ID: befdd64a-d134-11e2-8a85-902b349a1177

 
Error - 10.06.2013 08:56:39 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 12d0    Startzeit: 01ce65d9ed567cb9    Endzeit: 2    Anwendungspfad: 
C:\Windows\system32\NOTEPAD.EXE    Berichts-ID: 2f81362a-d1cd-11e2-84e1-902b349a1177

 
Error - 10.06.2013 09:00:07 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a74    Startzeit: 01ce65da68f38424    Endzeit: 2    Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID:
 ab06486c-d1cd-11e2-84e1-902b349a1177  
 
Error - 11.06.2013 21:44:55 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005e045  ID des fehlerhaften Prozesses:
 0x1a8  Startzeit der fehlerhaften Anwendung: 0x01ce66f3393ed399  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh! Power of Chaos
 JOEY THE PASSION\joey_pc.exe  Berichtskennung: adfd282f-d301-11e2-8ae5-902b349a1177
 
Error - 11.06.2013 21:45:11 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm joey_pc.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a8    Startzeit: 
01ce66f3393ed399    Endzeit: 6    Anwendungspfad: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh!
 Power of Chaos JOEY THE PASSION\joey_pc.exe    Berichts-ID:   
 
Error - 14.06.2013 04:47:58 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x13c  Startzeit der fehlerhaften Anwendung: 0x01ce68db30f4988b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 1cbc4c62-d4cf-11e2-97e8-902b349a1177
 
[ System Events ]
Error - 05.06.2013 14:02:25 | Computer Name = *****-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.06.2013 07:14:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 07.06.2013 07:14:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 07.06.2013 07:33:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 07.06.2013 07:33:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 09.06.2013 14:52:37 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 10.06.2013 10:25:08 | Computer Name = *****-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 13.06.2013 09:05:51 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.06.2013 16:25:58 | Computer Name = *****-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
 
< End of report >
         
Farbar Service Scanner:

Code:
Farbar Service Scanner Version: 31-05-2013 01
Ran by ****** (administrator) on 14-06-2013 at 15:36:07
Running from "C:\Users\******\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

I hope I did everything right.
Thanks for your HELP!

Alt 14.06.2013, 14:47   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Alt 14.06.2013, 14:54   #3
SyQun
 



Frst:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by ***** (administrator) on 14-06-2013 15:50:18
Running from C:\Users\*****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
HKCU\...\Run: [AdobeBridge]  [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.findrsearch.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKCU - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
BHO-x32: No Name - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default
FF Homepage: https://pbe.leagueoflegends.com/en/signup/index
FF NetworkProxy: "http", "152.26.53.5"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-25] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-21] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-06] (DT Soft Ltd)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-01-16] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-01-16] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-01-16] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-01-16] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-01-16] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-01-16] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-18] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-18] (RapidSolution Software AG)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-14 15:50 - 2013-06-14 15:50 - 00000000 ____D C:\FRST
2013-06-14 15:49 - 2013-06-14 15:49 - 01920398 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-06-14 15:36 - 2013-06-14 15:36 - 00002500 ____A C:\Users\*****\Desktop\FSS.txt
2013-06-14 15:22 - 2013-06-14 15:22 - 00104570 ____A C:\Users\*****\Desktop\Extras.Txt
2013-06-14 15:21 - 2013-06-14 15:21 - 00356099 ____A (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-06-14 15:21 - 2013-06-14 15:21 - 00070928 ____A C:\Users\*****\Desktop\OTL.Txt
2013-06-14 15:16 - 2013-06-14 15:16 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Desktop\OTL.exe
2013-06-14 15:14 - 2013-06-14 15:14 - 00005637 ____A C:\AdwCleaner[S1].txt
2013-06-14 15:10 - 2013-06-14 15:10 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-14 15:09 - 2013-06-14 15:09 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-14 15:07 - 2013-06-14 15:07 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-14 15:07 - 2013-06-14 15:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-14 15:02 - 2013-06-14 15:02 - 00903072 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-06-14 14:35 - 2013-06-14 14:35 - 00038331 ____A C:\Users\*****\AppData\Local\recently-used.xbel
2013-06-12 23:42 - 2013-06-12 23:42 - 00000222 ____A C:\Users\*****\Desktop\Marvel Heroes.url
2013-06-11 23:22 - 2004-09-05 00:04 - 00000814 ____A C:\Users\*****\Downloads\all cards.reg
2013-06-10 20:06 - 2013-06-10 20:06 - 00006440 ____A C:\Users\*****\Downloads\Ypassionallcards.zip
2013-06-10 16:29 - 2013-06-10 16:29 - 00001360 ____A C:\Users\*****\Desktop\kaiba_pc.lnk
2013-06-10 16:29 - 2013-06-10 16:29 - 00001346 ____A C:\Users\*****\Desktop\joey_pc.lnk
2013-06-10 16:10 - 2013-06-10 16:10 - 00001346 ____A C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk
2013-06-10 15:45 - 2013-06-10 16:25 - 00000000 ____D C:\Program Files (x86)\KONAMI
2013-06-06 13:01 - 2013-06-06 13:01 - 00025629 ____A C:\Users\*****\Downloads\lightning-bolts.zip
2013-06-04 07:23 - 2013-06-04 07:23 - 00000000 ____D C:\Malwarebytes
2013-05-25 05:47 - 2013-06-14 15:15 - 00005264 ____A C:\Windows\setupact.log
2013-05-25 05:47 - 2013-05-25 05:47 - 00000000 ____A C:\Windows\setuperr.log
2013-05-24 16:58 - 2013-05-24 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-18 12:53 - 2013-05-18 12:53 - 02183120 ____A C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav
2013-05-17 14:21 - 2013-05-17 14:21 - 00000000 ____D C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-05-17 14:01 - 2013-05-17 14:01 - 00000000 ____D C:\Users\*****\AppData\Roaming\PDAppFlex
2013-05-16 14:09 - 2013-05-16 14:09 - 00000903 ____A C:\Users\*****\Desktop\ePSXe.lnk

==================== One Month Modified Files and Folders =======

2013-06-14 15:50 - 2013-06-14 15:50 - 00000000 ____D C:\FRST
2013-06-14 15:49 - 2013-06-14 15:49 - 01920398 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-06-14 15:36 - 2013-06-14 15:36 - 00002500 ____A C:\Users\*****\Desktop\FSS.txt
2013-06-14 15:24 - 2009-07-14 06:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-14 15:24 - 2009-07-14 06:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 15:22 - 2013-06-14 15:22 - 00104570 ____A C:\Users\*****\Desktop\Extras.Txt
2013-06-14 15:22 - 2009-07-14 19:58 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-06-14 15:22 - 2009-07-14 19:58 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-06-14 15:22 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 15:21 - 2013-06-14 15:21 - 00356099 ____A (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-06-14 15:21 - 2013-06-14 15:21 - 00070928 ____A C:\Users\*****\Desktop\OTL.Txt
2013-06-14 15:19 - 2013-01-16 17:18 - 01432916 ____A C:\Windows\WindowsUpdate.log
2013-06-14 15:16 - 2013-06-14 15:16 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Desktop\OTL.exe
2013-06-14 15:15 - 2013-05-25 05:47 - 00005264 ____A C:\Windows\setupact.log
2013-06-14 15:15 - 2013-04-19 14:23 - 00002368 ____A C:\Windows\PFRO.log
2013-06-14 15:15 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-14 15:14 - 2013-06-14 15:14 - 00005637 ____A C:\AdwCleaner[S1].txt
2013-06-14 15:11 - 2013-04-06 07:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-14 15:11 - 2013-04-06 07:10 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-06-14 15:10 - 2013-06-14 15:10 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-14 15:09 - 2013-06-14 15:09 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-14 15:09 - 2013-04-06 07:11 - 00000000 ____D C:\ProgramData\Adobe
2013-06-14 15:07 - 2013-06-14 15:07 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-14 15:07 - 2013-06-14 15:07 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-14 15:07 - 2013-06-14 15:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-14 15:07 - 2013-01-16 18:20 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-14 15:07 - 2013-01-16 18:20 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-14 15:02 - 2013-06-14 15:02 - 00903072 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-06-14 14:46 - 2013-03-01 13:42 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-06-14 14:35 - 2013-06-14 14:35 - 00038331 ____A C:\Users\*****\AppData\Local\recently-used.xbel
2013-06-14 14:35 - 2013-04-01 22:07 - 00000000 ____D C:\Users\*****\.gimp-2.8
2013-06-14 14:27 - 2013-01-18 14:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client
2013-06-14 14:21 - 2013-03-06 16:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\Audacity
2013-06-14 14:03 - 2013-03-30 04:52 - 00000000 ____D C:\Program Files\MeGUI_2308_x86
2013-06-14 13:23 - 2013-01-16 19:26 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-13 19:26 - 2013-01-20 10:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\Awesomium
2013-06-13 19:25 - 2013-01-20 13:06 - 00000000 ____D C:\Users\*****\Documents\My Games
2013-06-13 19:24 - 2013-04-22 17:16 - 00057500 ____A C:\Windows\DirectX.log
2013-06-13 19:23 - 2013-02-07 20:40 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tunngle
2013-06-13 19:23 - 2013-02-07 20:40 - 00000000 ____D C:\ProgramData\Tunngle
2013-06-12 23:42 - 2013-06-12 23:42 - 00000222 ____A C:\Users\*****\Desktop\Marvel Heroes.url
2013-06-10 20:06 - 2013-06-10 20:06 - 00006440 ____A C:\Users\*****\Downloads\Ypassionallcards.zip
2013-06-10 16:32 - 2013-03-31 11:01 - 00000000 ____D C:\Users\*****\Downloads\Jdownloader
2013-06-10 16:29 - 2013-06-10 16:29 - 00001360 ____A C:\Users\*****\Desktop\kaiba_pc.lnk
2013-06-10 16:29 - 2013-06-10 16:29 - 00001346 ____A C:\Users\*****\Desktop\joey_pc.lnk
2013-06-10 16:25 - 2013-06-10 15:45 - 00000000 ____D C:\Program Files (x86)\KONAMI
2013-06-10 16:10 - 2013-06-10 16:10 - 00001346 ____A C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk
2013-06-06 15:17 - 2013-01-20 14:31 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-06-06 14:43 - 2013-04-19 16:10 - 00000132 ____A C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-06-06 13:01 - 2013-06-06 13:01 - 00025629 ____A C:\Users\*****\Downloads\lightning-bolts.zip
2013-06-04 07:23 - 2013-06-04 07:23 - 00000000 ____D C:\Malwarebytes
2013-05-26 10:51 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-25 05:47 - 2013-05-25 05:47 - 00000000 ____A C:\Windows\setuperr.log
2013-05-25 03:57 - 2013-03-23 03:23 - 00000000 ____D C:\ProgramData\Freemake
2013-05-24 19:34 - 2013-04-06 05:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 16:58 - 2013-05-24 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 15:05 - 2013-03-07 00:20 - 00009637 ____A C:\Users\*****\Documents\TombRaider.log
2013-05-19 19:45 - 2013-03-13 21:38 - 00000000 ____D C:\Users\*****\AppData\Local\ESL Wire Game Client
2013-05-19 10:04 - 2013-02-04 14:50 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-18 12:53 - 2013-05-18 12:53 - 02183120 ____A C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav
2013-05-18 12:53 - 2013-01-16 17:22 - 00000000 ____D C:\users\*****
2013-05-18 11:33 - 2013-02-04 14:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-18 11:33 - 2013-01-20 13:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-17 15:15 - 2013-01-20 10:56 - 00000000 ____D C:\Users\*****\Documents\StarCraft II
2013-05-17 14:22 - 2013-01-20 10:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-05-17 14:21 - 2013-05-17 14:21 - 00000000 ____D C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-05-17 14:21 - 2013-01-17 17:26 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2013-05-17 14:01 - 2013-05-17 14:01 - 00000000 ____D C:\Users\*****\AppData\Roaming\PDAppFlex
2013-05-16 14:09 - 2013-05-16 14:09 - 00000903 ____A C:\Users\*****\Desktop\ePSXe.lnk
2013-05-16 14:09 - 2013-04-24 12:50 - 00000000 ____D C:\Program Files\ePSXe 1.7.0

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 23:54

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by ***** at 2013-06-14 15:50:28 Run:
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

@BIOS (Version: 2.25)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
AION Free-to-Play Version 1.0 (Version: 1.0)
Alien Swarm
Aliens: Colonial Marines
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70727.2220)
Amnesia: The Dark Descent
APOFIG GUI by enable v1.00 [01 July 2010]
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.15.16)
Audacity 2.0.3 (Version: 2.0.3)
Audials (Version: 10.1.514.1400)
AutoGreen B12.0206.1 (Version: 1.00.0000)
Avira Free Antivirus (Version: 13.0.0.3640)
Battlefield 3™ (Version: 1.5.0.0)
Battlelog Web Plugins (Version: 2.1.3)
BioShock Infinite
Bloodline Champions
Call of Duty: Black Ops - Multiplayer
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0806.1213.19931)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCleaner (Version: 3.27)
CDBurnerXP (Version: 4.5.0.3717)
Counter-Strike: Source
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.46.1.0327)
Dead Island Riptide (c) Deep Silver version 1 (Version: 1)
Dead Space™ 3 (Version: 1.0.0.0)
Diablo III (Version: 1.0.6.13644)
Dota 2
Dxtory 2.0.104 (Version: 2.0.104)
Easy Tune 6 B12.0626.1 (Version: 1.00.0000)
ESL Wire 1.15.4
ESN Sonar (Version: 0.70.4)
Etron USB3.0 Host Controller (Version: 0.110)
Far Cry 3 (Version: 1.00)
Far Cry 3 Blood Dragon (Version: 1.00)
Fotogalerie (Version: 16.4.3505.0912)
Fraps (remove only)
Gameforge Live 1.0 "Legend" (Version: 1.1.1724)
GIMP 2.8.4 (Version: 2.8.4)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.5.235)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JDownloader 0.9 (Version: 0.9)
K-Lite Mega Codec Pack 9.8.0 (Version: 9.8.0)
Lagarith Lossless Codec (1.3.27)
League of Legends (Version: 1.02.0000)
LOLReplay (Version: 0.8.1.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MicroVolts
MKVToolNix 6.1.0 (Version: 6.1.0)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Origin (Version: 9.1.10.2728)
PCSX2 - Playstation 2 Emulator
PDF Settings CS6 (Version: 11.0)
Photo Gallery (Version: 16.4.3505.0912)
Platform (Version: 1.39)
Smite (Version: 0.1.1491.7)
Speed Link
StarCraft II (Version: 2.0.8.25604)
Steam (Version: 1.0.0.0)
Steam Trading Card Beta Access
System Requirements Lab for Intel (Version: 4.5.13.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.10.1)
The Elder Scrolls V Skyrim - High Resolution Texture Pack
TP-LINK Wireless Client Utility (Version: 7.0)
Tunngle beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.1)
Vegas Pro 12.0 (64-bit) (Version: 12.0.486)
VIA Plattform-Geräte-Manager (Version: 1.39)
VLC media player 2.0.5 (Version: 2.0.5)
Warframe
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (Version: 1.00.0000)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (Version: 1.00.0000)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (Version: 1.00.0000)

==================== Restore Points  =========================

14-06-2013 10:49:10 Geplanter Prüfpunkt
14-06-2013 13:02:21 Removed Java 7 Update 11 (64-bit)
14-06-2013 13:07:36 Installed Java 7 Update 21

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2013 10:47:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x13c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/12/2013 03:45:11 AM) (Source: Application Hang) (User: )
Description: Programm joey_pc.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a8

Startzeit: 01ce66f3393ed399

Endzeit: 6

Anwendungspfad: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe

Berichts-ID:

Error: (06/12/2013 03:44:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005e045
ID des fehlerhaften Prozesses: 0x1a8
Startzeit der fehlerhaften Anwendung: 0xjoey_pc.exe0
Pfad der fehlerhaften Anwendung: joey_pc.exe1
Pfad des fehlerhaften Moduls: joey_pc.exe2
Berichtskennung: joey_pc.exe3

Error: (06/10/2013 03:00:07 PM) (Source: Application Hang) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a74

Startzeit: 01ce65da68f38424

Endzeit: 2

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: ab06486c-d1cd-11e2-84e1-902b349a1177

Error: (06/10/2013 02:56:39 PM) (Source: Application Hang) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12d0

Startzeit: 01ce65d9ed567cb9

Endzeit: 2

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: 2f81362a-d1cd-11e2-84e1-902b349a1177

Error: (06/09/2013 08:45:27 PM) (Source: Application Hang) (User: )
Description: Programm WORDPAD.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 154

Startzeit: 01ce65417c1dd3f1

Endzeit: 6

Anwendungspfad: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

Berichts-ID: befdd64a-d134-11e2-8a85-902b349a1177

Error: (06/09/2013 06:47:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000024c2
ID des fehlerhaften Prozesses: 0x11c8
Startzeit der fehlerhaften Anwendung: 0xjoey_pc.exe0
Pfad der fehlerhaften Anwendung: joey_pc.exe1
Pfad des fehlerhaften Moduls: joey_pc.exe2
Berichtskennung: joey_pc.exe3

Error: (06/09/2013 06:47:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000024c2
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0xjoey_pc.exe0
Pfad der fehlerhaften Anwendung: joey_pc.exe1
Pfad des fehlerhaften Moduls: joey_pc.exe2
Berichtskennung: joey_pc.exe3

Error: (06/09/2013 06:47:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000024c2
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xjoey_pc.exe0
Pfad der fehlerhaften Anwendung: joey_pc.exe1
Pfad des fehlerhaften Moduls: joey_pc.exe2
Berichtskennung: joey_pc.exe3

Error: (06/09/2013 06:46:30 PM) (Source: Application Hang) (User: )
Description: Programm INSTALL.EXE, Version 9.0.0.76 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c5c

Startzeit: 01ce6530c41983e9

Endzeit: 4

Anwendungspfad: C:\Users\*****\Downloads\Jdownloader\INSTALL.EXE

Berichts-ID: 2159ecc1-d124-11e2-8a85-902b349a1177


System errors:
=============
Error: (06/13/2013 10:25:58 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (06/13/2013 03:05:51 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (06/10/2013 04:25:08 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding740{B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE}

Error: (06/09/2013 08:52:37 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/07/2013 01:33:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/07/2013 01:33:07 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (06/07/2013 01:14:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/07/2013 01:14:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (06/05/2013 08:02:25 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8154.24 MB
Available physical RAM: 6084.05 MB
Total Pagefile: 16306.67 MB
Available Pagefile: 14229.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:297.1 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AF379D23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

14.06.2013, 16:18   #4
schrauber
/// the machine
/// TB trainer
 


Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.06.2013, 21:18   #5
SyQun
 

Combofix:

Code:
ComboFix 13-06-13.01 - ***** 14.06.2013  22:10:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8154.6406 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-14 bis 2013-06-14  ))))))))))))))))))))))))))))))
.
.
2013-06-14 20:15 . 2013-06-14 20:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-14 14:41 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-14 14:41 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-06-14 14:39 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-06-14 14:39 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-14 14:39 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-14 14:39 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-14 14:39 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-14 14:39 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-14 14:37 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-14 14:37 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-14 14:37 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-14 14:37 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-06-14 14:37 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-06-14 14:37 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-06-14 14:37 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-06-14 14:37 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-06-14 13:50 . 2013-06-14 13:50	--------	d-----w-	C:\FRST
2013-06-14 13:08 . 2013-06-14 13:08	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-06-14 13:07 . 2013-06-14 13:07	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-14 13:07 . 2013-06-14 13:07	--------	d-----w-	c:\program files (x86)\Java
2013-06-10 13:45 . 2013-06-10 14:25	--------	d-----w-	c:\program files (x86)\KONAMI
2013-06-04 05:23 . 2013-06-04 05:23	--------	d-----w-	C:\Malwarebytes
2013-05-17 12:21 . 2013-05-17 12:21	--------	d-----w-	c:\users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-05-17 12:01 . 2013-05-17 12:01	--------	d-----w-	c:\users\*****\AppData\Roaming\PDAppFlex
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 13:07 . 2013-01-16 16:20	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-14 13:07 . 2013-01-16 16:20	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-02 15:11 . 2013-01-18 15:34	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-18 09:33 . 2013-02-04 12:50	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 09:33 . 2013-01-20 11:04	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 06:45 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 09:53 . 2013-05-02 09:53	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-04-24 21:36 . 2013-01-18 13:15	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-04-24 21:36 . 2013-01-18 13:13	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-04-24 21:35 . 2013-01-18 13:06	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-04-13 05:49 . 2013-06-14 14:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-14 14:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-14 14:40	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-14 14:40	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-14 14:40	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-14 14:40	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-07 08:54 . 2013-01-28 09:13	1455408	----a-w-	c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2013-01-28 09:13	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-04-04 12:50 . 2013-04-21 09:15	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-25 15:13 . 2013-03-25 15:14	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-25 15:13 . 2013-03-25 15:14	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-25 15:13 . 2013-03-25 15:14	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ntcdrdrv.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 09:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.findrsearch.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\mozilla\firefox\Profiles\cgeix5sb.default\
FF - prefs.js: browser.startup.homepage - hxxps://pbe.leagueoflegends.com/en/signup/index
FF - prefs.js: network.proxy.http - 152.26.53.5
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-{7F796E37-6F45-9BF7-16C3-04721ED0C2DA} - c:\progra~3\INSTAL~1\{ED041~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-14  22:16:34
ComboFix-quarantined-files.txt  2013-06-14 20:16
.
Vor Suchlauf: 12 Verzeichnis(se), 317.812.600.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 317.464.784.896 Bytes frei
.
- - End Of File - - 52B96D7ECE71773BA15AE7C90AFA964D
A36C5E4F47E84449FF07ED3517B43A31
         


15.06.2013, 09:20   #6
schrauber
/// the machine
/// TB trainer
 


Combofix script
WARNING to READERS:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the entire text from the following code box into the empty text document.
    Code:
    File::
    c:\windows\SysWOW64\Drivers\X6va012
    Driver::
    X6va012

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software, as it can get in ComboFix's way while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


15.06.2013, 13:39   #7
SyQun
 

ComboFix Log:

Code:
ComboFix 13-06-13.01 - ****** 15.06.2013  14:22:45.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8154.6492 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\******\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va012"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA012
-------\Service_X6va012
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-15 bis 2013-06-15  ))))))))))))))))))))))))))))))
.
.
2013-06-14 14:50 . 2013-05-17 04:10	182936	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-14 14:41 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-14 14:41 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-06-14 14:39 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-06-14 14:39 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-14 14:39 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-14 14:39 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-14 14:39 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-14 14:39 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-14 14:37 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-14 14:37 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-14 14:37 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-14 14:37 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-06-14 14:37 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-06-14 14:37 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-06-14 14:37 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-06-14 14:37 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-06-14 13:50 . 2013-06-14 13:50	--------	d-----w-	C:\FRST
2013-06-14 13:08 . 2013-06-14 13:08	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-06-14 13:07 . 2013-06-14 13:07	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-14 13:07 . 2013-06-14 13:07	--------	d-----w-	c:\program files (x86)\Java
2013-06-10 13:45 . 2013-06-10 14:25	--------	d-----w-	c:\program files (x86)\KONAMI
2013-06-04 05:23 . 2013-06-04 05:23	--------	d-----w-	C:\Malwarebytes
2013-05-17 12:21 . 2013-05-17 12:21	--------	d-----w-	c:\users\******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-05-17 12:01 . 2013-05-17 12:01	--------	d-----w-	c:\users\******\AppData\Roaming\PDAppFlex
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 13:07 . 2013-01-16 16:20	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-14 13:07 . 2013-01-16 16:20	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-02 15:11 . 2013-01-18 15:34	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-18 09:33 . 2013-02-04 12:50	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 09:33 . 2013-01-20 11:04	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 06:45 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 09:53 . 2013-05-02 09:53	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-04-24 21:36 . 2013-01-18 13:15	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-04-24 21:36 . 2013-01-18 13:13	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-04-24 21:35 . 2013-01-18 13:06	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-04-13 05:49 . 2013-06-14 14:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-14 14:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-14 14:40	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-14 14:40	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-14 14:40	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-14 14:40	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-07 08:54 . 2013-01-28 09:13	1455408	----a-w-	c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2013-01-28 09:13	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-04-04 12:50 . 2013-04-21 09:15	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-25 15:13 . 2013-03-25 15:14	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-25 15:13 . 2013-03-25 15:14	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-25 15:13 . 2013-03-25 15:14	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ntcdrdrv.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 09:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.findrsearch.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\******\AppData\Roaming\mozilla\firefox\Profiles\cgeix5sb.default\
FF - prefs.js: browser.startup.homepage - hxxps://pbe.leagueoflegends.com/en/signup/index
FF - prefs.js: network.proxy.http - 152.26.53.5
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7F796E37-6F45-9BF7-16C3-04721ED0C2DA} - c:\progra~3\INSTAL~1\{ED041~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-15  14:30:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-15 12:30
ComboFix2.txt  2013-06-14 20:16
.
Vor Suchlauf: 15 Verzeichnis(se), 315.413.659.648 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 314.966.437.888 Bytes frei
.
- - End Of File - - F155220A5E737C4683D81977F534B3BE
A36C5E4F47E84449FF07ED3517B43A31
         
After the log appeared, I had to restart the PC because I couldn't open anything anymore. Registry data was apparently deleted/damaged or something like that...
Is that normal?

If it's not too much to ask, could you please also always say what you understood or noticed from the logs?

I'd like to know whether the previous steps were necessary or not. Or why they were not sufficient.

Thanks again for your help!
Kind regards,
SyQun

15.06.2013, 14:49   #8
schrauber
/// the machine
/// TB instructor
 




Hi,

that message does occur with Combofix; just restart once, as you already did.

Everything looks good; now just get rid of the adware and run an online scan.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box at Yes, I accept the terms of use and click on Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click on Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click on Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log file. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
