Fritschii | 19.01.2013 19:45 | I tried to follow the thread-creation guide as closely as possible, and to do so I did the following:
In the "Log Analysis and Evaluation" section I opened the "Announcement: For everyone seeking help! What do I need to consider before opening a topic?" and there, under "Please be sure to read and observe!", followed the link " http://www.trojaner-board.de/69886-f...-beachten.html" to the guide by "Sunny".
There, at the end of point "3", it says: Code:
Create a new topic and post the contents of
OTL.txt
EXTRAS.txt
Gmer.txt
Since I could not clearly tell from this instruction HOW I was supposed to post the contents, I opened a few other topics and found that there they were always posted as attachments, so I went along with that.
So, to answer your question at least as far as my approach is concerned: your instructions for posting the contents, which you gave me here as a reply, should have been in Sunny's guide. By the way, I noticed that titles for the code boxes are apparently created automatically, at least for OTL. If you also want suitable headings for all code boxes, that could be added to your guide.
I assume that you will try to help me once I have posted my attachments as code, so I am doing that here now. For the Spybot log file the permitted post length was exceeded, and since you do not explicitly request it anyway, I am leaving it out now (it is included as an attachment above), which brought the post length within the limit.
Now that I have been a well-behaved user, I am hoping for help :heilig: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 15/01/2013 (Oraleva)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
OTL Logfile: Code:
OTL logfile created on: 15.01.2013 16:35:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free
15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.15 16:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.12.18 15:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe
PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2010.09.09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Treiber\EPU\EPU.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
========== Modules (No Company Name) ==========
MOD - [2012.12.18 15:28:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Treiber\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Treiber\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Treiber\EPU\AsusService.dll
MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.11 18:43:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.08.06 11:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.02.29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.09.18 00:10:40 | 000,167,936 | ---- | M] (Softomotive) [On_Demand | Stopped] -- C:\Programme\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service)
SRV - [2010.12.14 16:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.05.27 17:18:08 | 000,103,512 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriver64.sys -- (stdriver)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.10 01:38:43 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.10 01:38:43 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 04:11:05 | 000,037,888 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfnd51.sys -- (ip100Avista)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.01.11 12:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.12.14 15:53:18 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 4E 67 51 BA D5 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.11 17:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M]
[2011.02.26 14:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions
[2013.01.11 17:54:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.11 19:28:52 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.01.07 15:56:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.11 18:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 18:43:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:38:03 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.11 18:43:12 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 17:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 14:36:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.10 17:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 17:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 17:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 17:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.01.14 22:54:29 | 000,888,494 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15286 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG 2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Treiber\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8:64bit: - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0991080A-0A03-479D-9950-7F865179AD56}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E52CF6-1902-46CB-8434-BE0DB963E4A2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\ME1_DE.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.11 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.11 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.03 21:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.22 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.20 17:19:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.20 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.18 04:16:13 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2012.12.18 04:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012.12.18 04:16:12 | 000,000,000 | ---D | C] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter
[2012.12.18 04:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 16:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 16:30:47 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 16:29:05 | 000,000,020 | ---- | M] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.15 15:35:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.14 22:54:29 | 000,888,494 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.14 19:53:45 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.14 19:53:45 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.14 19:53:45 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.14 19:53:45 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.14 19:53:45 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.11 15:31:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.11 15:24:07 | 000,415,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 17:27:53 | 001,598,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.07 22:54:30 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk
[2012.12.25 05:04:51 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | M] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.15 16:29:05 | 000,000,020 | ---- | C] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.07 22:54:30 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk
[2013.01.03 21:31:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.25 05:04:51 | 000,000,598 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[2012.12.20 17:19:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.18 04:16:18 | 000,001,177 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2012.12.18 04:16:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012.12.18 04:16:12 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012.12.18 04:16:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012.11.07 15:49:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.08.07 20:20:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.07 20:20:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.11 05:18:14 | 000,019,002 | ---- | C] () -- C:\Users\Oraleva\.recently-used.xbel
[2012.05.24 22:09:56 | 000,114,688 | ---- | C] () -- C:\Windows\Lavish.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.31 15:00:29 | 000,010,639 | ---- | C] () -- C:\Users\Oraleva\WiehlerZ_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.29 08:28:08 | 000,000,798 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.19 18:46:33 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.19 18:46:33 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.01.06 21:49:45 | 000,000,393 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.01.06 20:11:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.06 20:11:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.06 20:11:52 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.06 20:11:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.06 20:11:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.06 19:23:55 | 000,007,680 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 18:00:09 | 000,001,526 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\No23 Recorder.lnk
[2011.11.08 16:21:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.24 23:33:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.06.24 23:33:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.06.24 23:33:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.24 23:11:35 | 000,027,089 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.02 13:03:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011.04.02 13:03:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011.04.02 13:03:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011.04.02 13:03:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011.04.02 13:03:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011.04.02 13:03:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011.04.02 13:03:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011.04.02 13:03:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011.04.02 13:03:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011.04.02 13:03:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011.04.02 13:03:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011.04.02 13:03:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011.04.02 13:03:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011.04.02 13:03:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011.04.02 13:03:14 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011.04.02 13:03:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011.04.02 13:03:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011.03.20 18:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.03.08 13:08:07 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.01 19:12:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.26 01:17:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.26 00:30:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.26 00:30:19 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.26 00:30:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.02.26 00:30:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.02.25 23:55:21 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.02.25 23:52:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.12.23 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Acoustica
[2012.05.02 02:59:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Advanced Combat Tracker
[2012.01.06 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ashampoo
[2013.01.10 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Audacity
[2011.11.06 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2012
[2012.12.13 22:50:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2013
[2011.05.31 12:11:48 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canneverbe Limited
[2012.03.01 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canon
[2012.11.28 01:31:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Crossword Compiler Deutsch 8
[2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools
[2013.01.14 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Lite
[2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Pro
[2012.06.25 23:41:49 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Dropbox
[2012.05.27 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DVDVideoSoft
[2012.08.04 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FileZilla
[2013.01.08 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\foobar2000
[2012.12.20 01:18:53 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter
[2012.06.10 04:11:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\gtk-2.0
[2011.02.26 23:57:07 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LockHunter
[2012.08.31 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LolClient
[2011.07.26 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Notepad++
[2011.12.01 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\POB
[2012.12.13 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\TuneUp Software
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\UAs
[2012.12.12 04:11:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ubisoft
[2011.09.05 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Unity
[2011.12.03 05:38:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\VDownloader
[2012.01.06 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Video DVD Maker FREE
[2011.11.06 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Xilisoft
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\xmldm
========== Purity Check ==========
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 15.01.2013 16:35:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free
15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E241E2F-D648-4A90-9903-CDC3288418C4}" = lport=137 | protocol=17 | dir=in | app=system |
"{0ED54C44-85D3-4B4E-9BCA-EDE056CDB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{161473B2-340C-48B1-A63A-597A4637E1CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{356C42EB-2EE2-46B8-98D0-A29381AE1B60}" = lport=138 | protocol=17 | dir=in | app=system |
"{46E25BB4-321B-4A28-BCA5-7946876A59F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C3C665F-A0D7-4EF9-924A-7A717B025898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6EE50CD5-E6D4-4A56-8656-69A5CF192C66}" = lport=139 | protocol=6 | dir=in | app=system |
"{98D466BA-423A-45A9-ACC9-FB1F8DE99DC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FDEEB32-05FF-4E9B-B8D5-9FD1EB9CA812}" = rport=445 | protocol=6 | dir=out | app=system |
"{A834399E-A280-42E5-BC37-0067CF41A34D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0559A10-B482-4D4E-9E02-D8F2429CBFBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{CED7293A-C683-463F-AF4D-3D042DE3D32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C87976-1071-4FF8-BB1F-12F832B9D656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{04B93F66-CC9A-4A26-928D-2DE3CFEF1CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B6238AB-AD3F-4648-A63C-201EE0FC2F59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe |
"{4371750A-C02B-4EA0-911C-07D2A330EBA8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{52C26434-7AFD-4661-9A83-F9F32ACFEE2B}" = protocol=58 | dir=in | app=system |
"{6A61D799-AB1E-4DAA-BB2E-AEFB9ECB9746}" = dir=in | name=lisa pc |
"{72D7C9D7-BA9C-438C-8B85-990184FC8910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5F29929-E36D-49F7-9AFB-AF533174C737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe |
"{DD2D2D60-118F-4249-8A91-CAEFB054CD27}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe |
"{E3D3E0D4-3928-4F87-BDB5-DF9010805AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFF03BBE-152D-48E7-A711-362DE1DE1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe |
"{FE20DE68-5F3C-449A-81DB-081A44A25F8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{10CAB2F0-4F68-4162-9B50-C7DB400DFBDF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{14EF3ACF-9647-4DC2-B237-4D0B02661A9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{297E2A22-1418-440E-B96C-6DEAA3FB58EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{42426BF4-1288-4D96-962F-E89D4E084FCC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{66A0F974-5E12-4E9D-A123-B1C6B6BA9804}" = Classic Shell
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1" = Half-Life Singleplayer Edition 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"CCleaner" = CCleaner
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3844035A-9429-4E54-86B0-6EE3778BA3FB}_is1" = The Elder Scrolls V: Skyrim
"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"5513-1208-7298-9440" = JDownloader 0.9
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"BOSS" = BOSS
"Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Crossword Compiler Deutsch 8 Testversion" = Crossword Compiler Deutsch 8 Testversion
"Debut" = Debut Video Capture Software
"Determinance_is1" = Determinance
"Diablo II" = Diablo II
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"DiskSpeed32" = DiskSpeed32
"DivX Setup.divx.com" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.5.1
"foobar2000" = foobar2000 v1.1.7
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.508
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1
"GeoGebra" = GeoGebra
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MetaProducts Portable Offline Browser" = MetaProducts Portable Offline Browser
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"Sonique15" = Sonique
"Soulseek" = SoulSeek Client 156c
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Steamless_FakeFactory_CM10" = Steamless_FakeFactory_CM10
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The Elder Scrolls V Hearthfire DLC Englische Version 1.00" = The Elder Scrolls V Hearthfire DLC Englische Version 1.00
"The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00" = The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00
"The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00" = The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00
"The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION
"TheHive_is1" = The Hive 1.2
"Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3
"VLC media player" = VLC media player 1.1.7
"WinAutomation" = WinAutomation
"WinPcapInst" = WinPcap 4.1.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"GeoGebra WebStart" = GeoGebra WebStart
"SOE-EverQuest" = EverQuest
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Xilisoft DVD Audio Ripper 6" = Xilisoft DVD Audio Ripper 6
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2013 19:31:02 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 12.01.2013 01:54:03 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0x01cdf0074ed16c95
Pfad
der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung:
77ab9ff9-5c7c-11e2-bc4a-bcaec52abc04
Error - 12.01.2013 19:54:08 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 13.01.2013 02:02:01 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0x01cdf0b6a7f9e0ee
Pfad
der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung:
becd7989-5d46-11e2-b3c7-bcaec52abc04
Error - 13.01.2013 22:23:13 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 14.01.2013 02:37:19 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x760 Startzeit der fehlerhaften Anwendung: 0x01cdf194761f6ff8
Pfad
der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung:
d7c50fec-5e14-11e2-b8b7-bcaec52abc04
Error - 15.01.2013 00:45:33 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x73c Startzeit der fehlerhaften Anwendung: 0x01cdf26996f75024
Pfad
der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung:
64b13282-5ece-11e2-89f0-00059a3c7a00
Error - 15.01.2013 10:59:53 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 15.01.2013 11:09:56 | Computer Name = Nightfall | Source = MsiInstaller | ID = 11609
Description =
Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x7a0 Startzeit der fehlerhaften Anwendung: 0x01cdf324f5e1bae1
Pfad
der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung:
5a84df1d-5f28-11e2-9f78-bcaec52abc04
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
.\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 15.01.2013 11:31:02 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 15.01.2013 11:31:34 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
<C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
Host discarded.
Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1127 NULL object. Cannot establish a connection at this time.
[ OSession Events ]
Error - 31.10.2011 12:15:53 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1026
seconds with 780 seconds of active time. This session ended with a crash.
Error - 01.10.2012 13:58:44 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1313
seconds with 420 seconds of active time. This session ended with a crash.
[ Spybot - Search and Destroy Events ]
Error - 13.12.2012 17:08:20 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 17:09:05 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 17:12:40 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 17:15:32 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 18:13:19 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 18:14:07 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 13.12.2012 18:29:49 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 14.01.2013 19:19:39 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 14.01.2013 19:19:55 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 15.01.2013 09:36:59 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 15.01.2013 09:33:53 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 15.01.2013 09:33:54 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 15.01.2013 09:34:24 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 15.01.2013 09:34:55 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description =
Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 15.01.2013 11:29:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 15.01.2013 11:30:59 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 15.01.2013 11:31:07 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 15.01.2013 11:32:00 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description =
< End of report >
--- --- ---
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 17:54:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Oraleva\AppData\Local\Temp\fxlirpow.sys
---- User code sections - GMER 2.0 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074cf17fa 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074cf1860 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074cf1942 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074cf194d 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cb1401 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cb1419 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cb1431 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cb144a 2 bytes [CB, 76]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cb14dd 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cb14f5 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cb150d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cb1525 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cb153d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cb1555 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cb156d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cb1585 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cb159d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cb15b5 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cb15cd 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cb16b2 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cb16bd 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074cf17fa 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074cf1860 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074cf1942 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074cf194d 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076cb1401 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076cb1419 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076cb1431 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076cb144a 2 bytes [CB, 76]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076cb14dd 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076cb14f5 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076cb150d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076cb1525 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076cb153d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076cb1555 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076cb156d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076cb1585 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076cb159d 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076cb15b5 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076cb15cd 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076cb16b2 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076cb16bd 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076cb1401 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076cb1419 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076cb1431 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076cb144a 2 bytes [CB, 76]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076cb14dd 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076cb14f5 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076cb150d 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076cb1525 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076cb153d 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076cb1555 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076cb156d 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076cb1585 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076cb159d 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076cb15b5 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076cb15cd 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076cb16b2 2 bytes [CB, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076cb16bd 2 bytes [CB, 76]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\AVG 2013\avgidsagent.exe [2028:4128] 0000000074cb62ee
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3468] 000007fef4c7cc10
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3532] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:5100] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4192] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4248] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4532] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4564] 000007fef4c4f718
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4632] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4472] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4476] 000007fef4b3143c
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4892] 000007fef5176050
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3248] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:656] 000007fef4b3b564
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:4444] 000007fefae72a7c
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5436] 000000006d746c88
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5516] 000007fee9186380
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5520] 000007fee9186380
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5524] 000007fee9186380
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5528] 000007fee9186380
Thread C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5616] 000007fee848e480
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG 2013\avgidsagent.exe [2028] 0000000072500000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2916] 0000000002fe0000
Library ? (*** suspicious ***) @ C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312] 000007fef54c0000
Library ? (*** suspicious ***) @ C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944] 000007fefc5c0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x75 0xA1 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite 4.35\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xF6 0x9A 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0xEF 0x72 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0x35 0x99 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x75 0xA1 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite 4.35\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xF6 0x9A 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0xEF 0x72 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0x35 0x99 0xA6 ...
---- EOF - GMER 2.0 ---- |