
Log analysis and evaluation: Constant Firefox crashes and bluescreen - possible malware?


09.03.2013, 15:15   #1
Ruper
 



Hello,

recently my Firefox has been crashing constantly, after running for a while. I have already tried everything: Firefox safe mode and Windows safe mode, a new profile, FF Mobile, etc. No success. Yesterday I then got a bluescreen. Now I would like to know whether there is malware on this machine?

Code:
 Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000000a (0xfffffa8019c52010, 0x0000000000000002, 0x0000000000000001, 0xfffff80003135e96). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP. Berichts-ID: 030813-16473-01.
         
And I analyzed it with WinDbg:

Code:
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*c:\websymbols*hxxp://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`03003000 PsLoadedModuleList = 0xfffff800`03247670
Debug session time: Fri Mar  8 22:48:16.507 2013 (GMT+1)
System Uptime: 0 days 9:09:29.725
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols

Loading unloaded module list
.....
The context is partially valid. Only x86 user-mode context is available.
The wow64exts extension must be loaded to access 32-bit state.
.load wow64exts will do this if you haven't loaded it already.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa8019c52010, 2, 1, fffff80003135e96}

Probably caused by : Unknown_Image ( nt!MiReleaseConfirmedPageFileSpace+86 )

Followup: MachineOwner
---------

16.0: kd:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8019c52010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003135e96, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  fffffa8019c52010 

CURRENT_IRQL:  0

FAULTING_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48              dec     eax

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

STACK_TEXT:  
00000000 00000000 00000000 00000000 00000000 0x0


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48              dec     eax

SYMBOL_NAME:  nt!MiReleaseConfirmedPageFileSpace+86

FOLLOWUP_NAME:  MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_NAME:  Unknown_Image

BUCKET_ID:  INVALID_KERNEL_CONTEXT

MODULE_NAME: Unknown_Module

Followup: MachineOwner
         
During startup, the Catalyst Control Center often crashes, and Skype does too now and then. GMER crashes during the scan.

OTL:

Code:
OTL logfile created on: 09.03.2013 14:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\123456\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free
15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
PRC - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:24:04 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
PRC - [2010.11.16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.19 16:24:48 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.15 11:22:29 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll
MOD - [2013.02.15 11:22:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.15 10:36:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll
MOD - [2013.02.11 01:51:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.10 23:43:07 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.10 23:43:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.10 23:43:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.10 23:43:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.10 23:42:59 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.02.10 23:42:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.10 23:42:58 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.10 23:42:55 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
MOD - [2012.04.26 14:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.08 14:37:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 15:30:59 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.31 13:36:46 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2010.11.16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.12.24 21:15:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.11 16:24:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 16:24:01 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.29 15:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2)
DRV:64bit: - [2007.07.13 11:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FC866619-3B7A-4B7A-814E-F67001387215}&mid=eb32383579de47d08cf7125819465495-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=bm012&pr=sa&d=2012-12-16 22:01:35&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 16:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Extensions
[2013.03.03 21:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions
[2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi
[2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi
[2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml
[2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml
[2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.19 16:25:19 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.t-online.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.t-online.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\123456\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Security Toolbar = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Google Mail = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.07.14 05:08:11 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
[2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols
[2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols
[2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86)
[2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\ElevatedDiagnostics
[2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\HpUpdate
[2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\HP
[2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Paris
[2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Google
[2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\kuaiyong
[2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013.02.11 00:02:38 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Samsung
[2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\Documents\My Videos
[2013.02.11 00:02:22 | 000,000,000 | ---D | C] -- C:\AllShare
[2013.02.11 00:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.02.11 00:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.02.10 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Downloaded Installations
[2013.02.08 13:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2013.02.08 13:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013.02.08 13:46:08 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.02.08 13:46:08 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.02.08 13:46:08 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.02.08 13:46:08 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.02.08 13:46:08 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.02.08 13:46:04 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.02.08 13:46:04 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.02.08 13:46:04 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.02.08 13:46:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.02.08 13:46:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013.02.08 13:45:59 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.02.08 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2013.02.08 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013.02.07 20:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.07 20:33:13 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.07 20:33:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.07 20:33:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.07 20:33:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.07 20:33:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.07 20:33:09 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.07 20:33:09 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.07 20:33:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.07 20:33:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.07 20:33:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.07 20:33:07 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.07 20:33:07 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.07 20:33:03 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.07 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.07 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.07 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Audio(6559)
[2013.02.07 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.07 19:15:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
[2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\123456\defogger_reenable
[2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\123456\Desktop\Defogger.exe
[2013.03.09 14:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.09 13:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 12:39:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 12:39:09 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 12:39:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 12:39:09 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 12:39:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.09 12:32:04 | 000,001,962 | ---- | M] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.09 12:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 12:31:37 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 22:49:20 | 581,628,762 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\123456\Documents\Scan0001.jpg
[2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\123456\Desktop\Fr. Revolution.odt
[2013.03.06 15:56:35 | 000,002,366 | ---- | M] () -- C:\Users\123456\Desktop\Google Chrome.lnk
[2013.03.06 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\123456\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.15 14:55:26 | 004,917,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 11:42:50 | 000,015,308 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt
[2013.02.11 17:38:19 | 000,013,388 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt
[2013.02.10 23:44:43 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.08 13:46:20 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.02.08 13:46:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.08 13:45:52 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.02.08 13:45:52 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.02.08 13:45:52 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.02.08 13:45:52 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.02.08 13:45:52 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.02.08 13:45:52 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.02.08 13:45:52 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\123456\defogger_reenable
[2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\123456\Desktop\Defogger.exe
[2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\123456\Documents\Scan0001.jpg
[2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\123456\Desktop\Fr. Revolution.odt
[2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\123456\Desktop\Google Chrome.lnk
[2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\123456\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.24 23:01:41 | 581,628,762 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.10 20:20:06 | 000,015,308 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt
[2013.02.10 19:53:13 | 000,013,388 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt
[2013.02.08 13:46:20 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.02.08 13:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.07 20:33:10 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.07 20:33:08 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\123456\AppData\Local\RAContactHistory.xml
[2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\123456\AppData\Roaming\winscp.rnd
[2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Lite
[2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Pro
[2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Exif Viewer
[2013.02.24 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\iFunbox_UserCache
[2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\ImgBurn
[2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\kuaiyong
[2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\OpenOffice.org
[2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PDAppFlex
[2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PeerNetworking
[2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\redsn0w
[2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Samsung
[2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Sinvise Systems
[2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Tibia
[2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\TibiaTestserver
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
OTL Extras logfile created on: 09.03.2013 14:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\123456\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free
15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | 
"{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | 
"{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | 
"{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | 
"{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Pro" = DAEMON Tools Pro
"Exif-Viewer" = Exif-Viewer 2.51 
"Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"PunkBusterSvc" = PunkBuster Services
"Tibia Testserver_is1" = Tibia Testserver
"Tibia_is1" = Tibia
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2013 18:02:47 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
 0x4f8350e0  Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.586, Zeitstempel:
 0x504833fc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000017faac  ID des fehlerhaften
 Prozesses: 0xc58  Startzeit der fehlerhaften Anwendung: 0x01ce1c488e4e1f44  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Berichtskennung:
 e903c05d-883b-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 18:03:24 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 19:50:18 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: RPCRT4.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000051e2c
ID
 des fehlerhaften Prozesses: 0x25e4  Startzeit der fehlerhaften Anwendung: 0x01ce1c57afafe452
Pfad
 der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: ee18ca03-884a-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 20:44:31 | Computer Name = 123456-1337 | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x777ddfe4]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 08.03.2013 20:58:31 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: HPNetworkCommunicator.exe,
 Version: 25.0.571.0, Zeitstempel: 0x4df02205  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0000000000051cd6  ID des fehlerhaften Prozesses: 0x2e08  Startzeit der fehlerhaften
 Anwendung: 0x01ce1c61311a949d  Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP
 Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Berichtskennung:
 75497a31-8854-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 20:58:56 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: HPNetworkCommunicator.exe,
 Version: 25.0.571.0, Zeitstempel: 0x4df02205  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00000000000035c0  ID des fehlerhaften Prozesses: 0x2e08  Startzeit der fehlerhaften
 Anwendung: 0x01ce1c61311a949d  Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP
 Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Berichtskennung:
 845e722e-8854-11e2-a5e3-e2d20d316c67
 
Error - 09.03.2013 07:33:30 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 09:13:02 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001e59a
ID
 des fehlerhaften Prozesses: 0x700  Startzeit der fehlerhaften Anwendung: 0x01ce1cb9baa2c761
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 121848f6-88bb-11e2-8062-efac97c2646d
 
Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000003700
ID
 des fehlerhaften Prozesses: 0x64c  Startzeit der fehlerhaften Anwendung: 0x01ce1cc7f895e515
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 36b71363-88bb-11e2-8062-efac97c2646d
 
Error - 09.03.2013 09:27:38 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000011f82
ID
 des fehlerhaften Prozesses: 0x1bfc  Startzeit der fehlerhaften Anwendung: 0x01ce1cc81cfd1066
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 1c3c0d25-88bd-11e2-8062-efac97c2646d
 
[ System Events ]
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 09.03.2013 09:13:03 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.03.2013 09:27:39 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7034
Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal
 passiert.
 
 
< End of report >
         

15.03.2013, 14:13   #2
t'john
/// Helper team
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Run mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.



Then:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Run AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Then:

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

Afterwards:
- restart
- report back

15.03.2013, 19:08   #3
Ruper
 
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 15/03/2013 um 19:05:55 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ruper - RUPER-1337
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ruper\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\bprotector_prefs.js
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Users\Ruper\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Ruper\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\deda8de66fed45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\deda8de66fed45
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\c2daolhf.Ruper - Kopie\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\wxyhjvea.default\prefs.js

Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Datei : C:\Users\Ruper\AppData\Roaming\Mozilla\Firefox\Profiles\xq5xt57x.Standard-Benutzer2\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3940 octets] - [26/11/2012 19:40:51]
AdwCleaner[R2].txt - [5186 octets] - [27/11/2012 17:12:13]
AdwCleaner[R3].txt - [1057 octets] - [27/11/2012 17:16:27]
AdwCleaner[R4].txt - [7502 octets] - [15/03/2013 19:04:58]
AdwCleaner[S2].txt - [5217 octets] - [27/11/2012 17:12:31]
AdwCleaner[S3].txt - [7296 octets] - [15/03/2013 19:05:55]

########## EOF - C:\AdwCleaner[S3].txt - [7356 octets] ##########
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruper :: RUPER-1337 [administrator]

15.03.2013 19:01:53
mbar-log-2013-03-15 (19-01-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30204
Time elapsed: 16 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
__________________

15.03.2013, 21:23   #4
t'john
/// Helper Team

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

Afterwards:
- restart
- report back
__________________
Regards, t'john

16.03.2013, 01:27   #5
Ruper

Sorry, I completely forgot that in the rush.

The file is too large to attach, and too large to post as well.

I've put it on nopaste for now, I hope that's OK:

hxxp://nopaste.info/892b804683.html


17.03.2013, 10:12   #6
t'john
/// Helper Team

Have there been any more crashes?

Please take a screenshot: BlueScreenView - Download - Filepony

17.03.2013, 12:02   #7
Ruper

Yes, unfortunately several bluescreens yesterday and the day before. I've put the screenshot in the attachment.

17.03.2013, 12:46   #8
t'john
/// Helper Team

Please run this: http://www.trojaner-board.de/78405-w...er-testen.html
__________________
Regards, t'john

17.03.2013, 17:23   #9
Ruper

According to the memory diagnostic, no errors.

19.03.2013, 19:36   #10
t'john
/// Helper Team

OK, please post a screenshot of this: CrystalDiskInfo - Download - Filepony


and then:

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it), then double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
Regards, t'john

19.03.2013, 21:09   #11
Ruper

Code:
ATTFilter
OTL Extras logfile created on: 19.03.2013 20:54:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ruper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,75% Memory free
15,79 Gb Paging File | 13,33 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 638,39 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RUPER-1337 | User Name: Ruper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | 
"{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | 
"{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | 
"{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | 
"{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.4.2
"DAEMON Tools Pro" = DAEMON Tools Pro
"Exif-Viewer" = Exif-Viewer 2.51 
"Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"PunkBusterSvc" = PunkBuster Services
"TeXstudio_is1" = TeXstudio 2.3
"Tibia Testserver_is1" = Tibia Testserver
"Tibia_is1" = Tibia
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.03.2013 11:39:08 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.03.2013 12:00:08 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
 Zeitstempel: 0x5028bfc0  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73fb4d62  ID des fehlerhaften
 Prozesses: 0xb60  Startzeit der fehlerhaften Anwendung: 0x01ce24bad1e3f614  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 11f4429b-90ae-11e2-a456-889d5b4ba763
 
Error - 19.03.2013 12:00:13 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010,
 Zeitstempel: 0x50aee9f3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0x1a4c  Startzeit der fehlerhaften Anwendung: 0x01ce24bad77f53d9
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 153c885b-90ae-11e2-a456-889d5b4ba763
 
Error - 19.03.2013 13:07:25 | Computer Name = Ruper-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 
6.1.7600.16385, Zeitstempel: 0x4a5bc9e0  Name des fehlerhaften Moduls: msxml3.dll,
 Version: 8.110.7601.17988, Zeitstempel: 0x50920c3d  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000001abbc  ID des fehlerhaften Prozesses: 0x1d64  Startzeit der fehlerhaften
 Anwendung: 0x01ce24c3e1769f62  Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: 7872ab6a-90b7-11e2-a456-889d5b4ba763
 
Error - 19.03.2013 14:03:18 | Computer Name = Ruper-1337 | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.03.2013 14:08:37 | Computer Name = Ruper-1337 | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 19.03.2013 14:02:20 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description = 
 
Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 19.03.2013 14:11:19 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description = 
 
Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 19.03.2013 14:11:24 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = PNRPSvc | ID = 102
Description = 
 
Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 19.03.2013 14:11:25 | Computer Name = Ruper-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
Code:
OTL logfile created on: 19.03.2013 20:54:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ruper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,75% Memory free
15,79 Gb Paging File | 13,33 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 638,39 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: xyz | User Name: Ruper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Users\Ruper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
PRC - C:\Program Files (x86)\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\drivers\camfilt2.sys (Guillemot Corporation)
DRV:64bit: - (OM0530) -- C:\Windows\SysNative\drivers\ov530vx.sys (OmniVision Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01  [binary data]
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-292015937-2432269509-3246440885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\Extensions
[2013.03.03 21:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions
[2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ruper\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi
[2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi
[2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml
[2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml
[2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.t-online.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.t-online.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ruper\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Google Mail = C:\Users\Ruper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-292015937-2432269509-3246440885-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 20:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.03.19 20:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2013.03.18 18:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\texstudio
[2013.03.18 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\MiKTeX
[2013.03.18 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\MiKTeX
[2013.03.18 18:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
[2013.03.18 18:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeXstudio
[2013.03.18 18:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2013.03.18 18:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2013.03.18 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2013.03.16 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\libimobiledevice
[2013.03.16 13:47:34 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.03.15 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Ruper\Desktop\mbar
[2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ruper\Desktop\OTL.exe
[2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols
[2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols
[2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86)
[2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\ElevatedDiagnostics
[2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\HpUpdate
[2013.03.08 16:04:13 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMa011.dll
[2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\HP
[2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\Ruper\Desktop\Paris
[2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.06 14:03:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.06 14:03:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.06 14:03:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.06 14:03:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.06 14:03:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.03.06 14:03:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.06 14:03:24 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.06 14:03:24 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.03.06 14:03:24 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.03.06 14:03:24 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.03.06 14:03:24 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.03.06 14:03:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.03.06 14:03:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.03.06 14:03:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.03.06 14:03:24 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.03.06 14:03:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.03.06 14:03:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.03.06 14:03:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.03.06 14:03:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.03.06 14:03:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.03.06 14:03:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.06 14:03:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.03.06 14:03:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.03.06 14:03:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.03.06 14:03:23 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.06 14:01:18 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.03.06 14:01:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.03.06 14:01:14 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Local\Google
[2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.28 12:44:50 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 12:44:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 12:44:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 12:44:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 12:44:46 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 12:44:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 12:44:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 12:44:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 12:44:41 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 12:44:41 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 12:44:41 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 12:44:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 12:44:41 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 12:44:41 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 12:44:41 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 12:44:41 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 12:44:40 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 12:44:40 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 12:44:40 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 12:44:40 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 12:44:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 12:44:40 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 12:44:40 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 12:44:40 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 12:44:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 12:44:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 12:44:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 12:44:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 12:44:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\Ruper\AppData\Roaming\kuaiyong
[2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2013.02.22 12:38:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 12:38:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 12:38:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 12:38:49 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 20:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.19 20:51:02 | 000,001,940 | ---- | M] () -- C:\Users\Ruper\Desktop\CrystalDiskInfo.lnk
[2013.03.19 20:27:14 | 000,025,806 | ---- | M] () -- C:\Users\Ruper\Desktop\Religion.odt
[2013.03.19 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.19 19:09:01 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 19:09:01 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 19:08:40 | 000,769,330 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 19:08:40 | 000,673,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 19:08:40 | 000,170,506 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 19:08:40 | 000,141,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 19:08:40 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 19:02:02 | 000,001,962 | ---- | M] () -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.19 19:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 19:01:28 | 625,754,970 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.19 19:01:25 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 18:40:44 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\TeXstudio.lnk
[2013.03.18 00:16:44 | 000,007,334 | ---- | M] () -- C:\Users\Ruper\Desktop\OpenDocument Text (neu) (8).odt
[2013.03.17 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.15 19:06:10 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.15 19:01:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.15 19:01:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.15 14:26:25 | 000,000,102 | -H-- | M] () -- C:\Users\Ruper\Desktop\.~lock.Fr. Revolution.odt#
[2013.03.14 19:59:17 | 000,173,184 | ---- | M] () -- C:\Users\Ruper\Desktop\Berlinale (1).pdf
[2013.03.14 19:56:12 | 000,002,366 | ---- | M] () -- C:\Users\Ruper\Desktop\Google Chrome.lnk
[2013.03.11 22:50:43 | 000,033,476 | ---- | M] () -- C:\Users\Ruper\Desktop\Schermafbeelding 2013-03-11 om 22.31.24.png
[2013.03.10 18:58:11 | 000,303,898 | ---- | M] () -- C:\Users\Ruper\Documents\Scan0002.jpg
[2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ruper\Desktop\OTL.exe
[2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\Ruper\defogger_reenable
[2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\Ruper\Desktop\Defogger.exe
[2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\Ruper\Documents\Scan0001.jpg
[2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\Ruper\Desktop\Fr. Revolution.odt
[2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\Ruper\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 12:38:41 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.22 12:38:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.22 12:38:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.22 12:38:36 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 12:38:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 12:38:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 20:51:02 | 000,001,940 | ---- | C] () -- C:\Users\Ruper\Desktop\CrystalDiskInfo.lnk
[2013.03.19 19:05:59 | 000,025,806 | ---- | C] () -- C:\Users\Ruper\Desktop\Religion.odt
[2013.03.18 18:40:44 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\TeXstudio.lnk
[2013.03.18 00:16:44 | 000,007,334 | ---- | C] () -- C:\Users\Ruper\Desktop\OpenDocument Text (neu) (8).odt
[2013.03.15 19:06:02 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.15 14:26:25 | 000,000,102 | -H-- | C] () -- C:\Users\Ruper\Desktop\.~lock.Fr. Revolution.odt#
[2013.03.14 19:59:12 | 000,173,184 | ---- | C] () -- C:\Users\Ruper\Desktop\Berlinale (1).pdf
[2013.03.11 22:50:41 | 000,033,476 | ---- | C] () -- C:\Users\Ruper\Desktop\Schermafbeelding 2013-03-11 om 22.31.24.png
[2013.03.10 18:58:11 | 000,303,898 | ---- | C] () -- C:\Users\Ruper\Documents\Scan0002.jpg
[2013.03.10 16:58:20 | 000,024,576 | ---- | C] () -- C:\Users\Ruper\Desktop\memtest.exe
[2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\Ruper\defogger_reenable
[2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\Ruper\Desktop\Defogger.exe
[2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\Ruper\Documents\Scan0001.jpg
[2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\Ruper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\Ruper\Desktop\Fr. Revolution.odt
[2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\Ruper\Desktop\Google Chrome.lnk
[2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\Ruper\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.24 23:01:41 | 625,754,970 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\Ruper\AppData\Local\RAContactHistory.xml
[2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\Ruper\AppData\Roaming\winscp.rnd
[2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\DAEMON Tools Lite
[2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\DAEMON Tools Pro
[2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Exif Viewer
[2013.03.16 15:03:40 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\iFunbox_UserCache
[2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\ImgBurn
[2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\kuaiyong
[2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\OpenOffice.org
[2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\PDAppFlex
[2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\PeerNetworking
[2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\redsn0w
[2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Samsung
[2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Sinvise Systems
[2013.03.18 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\texstudio
[2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\Tibia
[2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\Ruper\AppData\Roaming\TibiaTestserver
 
========== Purity Check ==========
 
 

< End of report >
         

20.03.2013, 19:12   #12
t'john
/// Helper Team

Windows Repair Tool (AIO)

  • Download the Windows repair tool
  • Unzip the archive and start Repair_Windows.exe
  • Click the Start repairs tab, then: Start

    Select the following items:

    Register System Files
    Repair WMI
    Repair Windows Firewall
    Remove Policies Set By Infections
    Repair Windows Updates
    Repair MSI (Installer)
    Repair Important Windows Services
    Set Windows Services To Default Startup

    Select: Restart System When Finished
    Then click the Start button.
__________________
Regards, t'john

21.03.2013, 21:30   #13
Ruper

Too bad, but Firefox still crashes.

22.03.2013, 12:43   #14
t'john
/// Helper Team

Uninstall Firefox and reinstall it.
__________________
Regards, t'john

22.03.2013, 23:08   #15
Ruper

None of it works; Firefox still crashes and the bluescreens keep coming. It's enough to drive you to despair!
