Acebeatz | 09.06.2013 02:10 | Got it!
I hope this is OK:
OTL and Extras Code:
OTL logfile created on: 09.06.2013 02:23:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,46% Memory free
8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 305,50 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive E: | 58,70 Gb Total Space | 58,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 9,91 Gb Total Space | 9,84 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive G: | 397,14 Gb Total Space | 313,79 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
Computer Name: PRIMUS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.15 18:37:23 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 10:36:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 11:13:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 11:13:05 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.03.27 11:13:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.24 18:25:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.05 17:54:26 | 004,856,296 | ---- | M] (Avira) -- C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe
PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.08.29 12:47:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.09.28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\CAHS.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 15:31:08 | 000,837,008 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.15 18:37:22 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2012.08.29 12:47:31 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\CAHS.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\VMixHS.dll
========== Services (SafeList) ==========
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.15 18:37:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.02 10:36:56 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.05.02 10:36:54 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.27 11:13:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 11:13:05 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.27 11:13:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.24 18:25:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.08.29 12:47:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.09 00:56:41 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.03.27 11:13:24 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 11:13:24 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 11:13:24 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.02.07 15:30:59 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.02.07 15:30:59 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.24 12:05:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.08.24 12:05:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.06.16 23:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.11 15:35:46 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2007.04.11 15:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007.04.11 15:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007.04.11 15:34:58 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119828&tt=070312_wc&babsrc=HP_ss&mntrId=c6b99cf900000000000000248cf78a41
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=be39dc80-036d-417c-95b0-8ac4c0ced9df&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119828&tt=070312_wc&babsrc=SP_ss&mntrId=c6b99cf900000000000000248cf78a41
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.83.62.50:8080
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.16
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20130515
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.26 10:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 10:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.26 10:18:55 | 000,000,000 | ---D | M]
[2011.07.30 22:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.05.29 19:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bz41x1ya.default\extensions
[2013.05.16 11:18:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bz41x1ya.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.29 19:39:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bz41x1ya.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.15 02:45:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.04 15:49:21 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.02.26 19:31:54 | 000,000,933 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\11-suche.xml
[2013.03.13 01:11:13 | 000,001,294 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\delta.xml
[2012.02.26 19:31:54 | 000,002,419 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\englische-ergebnisse.xml
[2012.02.26 19:31:54 | 000,010,525 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\gmx-suche.xml
[2012.02.26 19:31:54 | 000,002,457 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\lastminute.xml
[2011.07.30 22:05:56 | 000,002,497 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\SearchResults.xml
[2012.07.15 11:42:58 | 000,002,474 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\Web Search.xml
[2012.02.26 19:31:54 | 000,005,508 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bz41x1ya.default\searchplugins\webde-suche.xml
[2013.04.02 22:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.05 11:49:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.29 12:47:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 15:10:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.13 01:11:04 | 000,006,523 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.29 12:47:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 15:10:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 15:10:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 15:10:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 15:10:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBB2DA1-0D0E-4784-85C3-0E5E7762137D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14580141-982e-11e0-bc73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{14580141-982e-11e0-bc73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.09 02:23:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.06.09 00:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 00:51:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.08 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.08 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.05.30 13:48:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gnubg
[2013.05.30 13:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU Backgammon
[2013.05.30 13:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gnubg
[2013.05.26 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2013.05.26 11:08:40 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.26 11:08:40 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.26 11:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.26 10:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.26 10:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.26 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.14 17:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2013.05.14 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2013.05.14 17:43:17 | 000,000,000 | ---D | C] -- C:\Games
[2013.05.14 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
========== Files - Modified Within 30 Days ==========
[2013.06.09 02:22:38 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.06.09 02:20:56 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.06.09 02:15:55 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 02:15:55 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 02:12:42 | 001,839,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 02:12:42 | 000,777,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 02:12:42 | 000,730,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 02:12:42 | 000,179,700 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 02:12:42 | 000,151,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 02:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 02:08:20 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 01:48:16 | 000,014,648 | ---- | M] () -- C:\Users\Administrator\Desktop\winup.png
[2013.06.09 01:36:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 01:12:17 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.09 00:56:41 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 00:48:58 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.06.08 23:49:17 | 000,002,270 | ---- | M] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2013.06.08 23:31:37 | 000,001,904 | ---- | M] () -- C:\Users\Administrator\Desktop\System Doctor 2014.lnk
[2013.06.08 16:29:23 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.08 16:29:23 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.08 15:08:40 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.30 13:48:10 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\GNU Backgammon CLI.lnk
[2013.05.30 13:48:10 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\GNU Backgammon.lnk
[2013.05.27 17:24:31 | 013,262,582 | ---- | M] () -- C:\Users\Administrator\Documents\Skript_Physik-Kurs.pdf
[2013.05.27 17:23:21 | 002,417,358 | ---- | M] () -- C:\Users\Administrator\Documents\humanmed-physik.pdf
[2013.05.26 11:33:50 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.26 10:18:48 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.26 10:17:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.18 18:44:32 | 000,284,407 | ---- | M] () -- C:\Users\Administrator\Desktop\Infobroschüre_Figuren-2.pdf
[2013.05.16 11:16:41 | 000,489,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 17:51:31 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2013.05.14 17:51:31 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2013.05.14 17:43:18 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.41.lnk
[2013.05.12 23:42:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.12 23:42:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
========== Files Created - No Company Name ==========
[2013.06.09 02:22:38 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.06.09 02:20:57 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.06.09 01:48:16 | 000,014,648 | ---- | C] () -- C:\Users\Administrator\Desktop\winup.png
[2013.06.09 01:12:11 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.09 00:56:41 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 00:48:58 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.06.08 23:49:17 | 000,002,270 | ---- | C] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2013.06.08 18:49:09 | 000,001,904 | ---- | C] () -- C:\Users\Administrator\Desktop\System Doctor 2014.lnk
[2013.05.30 13:48:10 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\GNU Backgammon CLI.lnk
[2013.05.30 13:48:10 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\GNU Backgammon.lnk
[2013.05.27 17:24:35 | 013,262,582 | ---- | C] () -- C:\Users\Administrator\Documents\Skript_Physik-Kurs.pdf
[2013.05.27 17:23:51 | 002,417,358 | ---- | C] () -- C:\Users\Administrator\Documents\humanmed-physik.pdf
[2013.05.26 11:33:50 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.26 11:09:07 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.26 11:02:16 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.18 18:44:32 | 000,284,407 | ---- | C] () -- C:\Users\Administrator\Desktop\Infobroschüre_Figuren-2.pdf
[2013.05.14 17:51:31 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2013.05.14 17:51:31 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2013.05.14 17:43:18 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.41.lnk
[2013.03.13 01:59:06 | 000,004,738 | ---- | C] () -- C:\Users\Administrator\maxout.gnuplot
[2012.12.10 16:00:01 | 000,000,840 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012.12.08 02:58:01 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2012.12.04 21:50:37 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012.09.18 16:25:08 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2012.dat
[2012.07.22 15:05:35 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2012.07.22 14:57:44 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.25 13:38:29 | 000,007,601 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012.06.11 00:06:54 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2012.04.29 22:53:23 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2012.04.29 22:53:21 | 000,013,521 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2012.04.29 22:53:16 | 000,002,029 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2012.04.29 22:53:16 | 000,000,688 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2012.04.29 22:53:15 | 000,000,638 | ---- | C] () -- C:\Windows\CAHS1.ini
[2012.04.04 22:49:04 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2011.12.29 20:34:48 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.10.12 20:44:14 | 000,200,332 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.08.31 14:35:52 | 001,816,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.27 16:55:26 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.07.09 15:00:25 | 000,001,477 | ---- | C] () -- C:\Users\Administrator\AppData\Local\RecConfig.xml
[2011.06.21 17:55:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.18 00:27:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.06.17 23:18:48 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.17 23:18:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.17 23:18:43 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2011.06.17 17:59:36 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LAME_MP3.dll
[2011.06.17 17:59:29 | 000,065,024 | ---- | C] () -- C:\Windows\IFinst26.exe
[2011.06.16 19:13:35 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.16 18:26:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.08.16 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2013.03.13 01:10:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon
[2012.10.01 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BANDISOFT
[2012.07.17 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2012.11.12 22:47:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CadSoft
[2011.08.05 00:37:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.03.26 14:15:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.04.29 22:53:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Corsair
[2012.07.15 11:45:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2011.09.24 13:02:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011.06.16 19:04:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Easeware
[2011.07.30 22:06:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeVideoConverter
[2012.10.18 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2012.04.20 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Image-Line
[2012.10.06 17:06:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2012.07.15 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenCandy
[2012.12.24 23:39:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012.09.20 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\pokerth
[2012.08.08 18:57:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\runic games
[2012.09.29 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synthesia
[2012.04.22 18:45:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SynthMaker
[2011.07.28 00:58:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sytexis Software
[2012.10.14 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\texstudio
[2013.02.27 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Creative Assembly
[2011.08.23 15:40:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2013.06.08 19:09:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011.07.11 13:31:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.09.17 16:45:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2013.03.08 02:48:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WordToPDF
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
Code:
OTL Extras logfile created on: 09.06.2013 02:23:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,46% Memory free
8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 305,50 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive E: | 58,70 Gb Total Space | 58,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 9,91 Gb Total Space | 9,84 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive G: | 397,14 Gb Total Space | 313,79 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
Computer Name: PRIMUS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07370B1D-8AC1-44EF-8660-945DC10A7976}" = lport=139 | protocol=6 | dir=in | app=system |
"{0CCE8E2D-003E-4FEC-9609-A6410301DE12}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F117DD1-D0E1-4E7B-877C-F48F1A10146D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D55D0EB-9967-4531-9008-7A1C3EA6C6D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DE59E38-B2F9-44A7-961D-63913F043DB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2FE83803-3121-4E8D-AA21-66D6B83B9A3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{3187A981-5A50-445A-8433-FA31EABB2F69}" = lport=137 | protocol=17 | dir=in | app=system |
"{39368B78-B419-4CE3-8408-BC8006FCA4DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47BD138C-FA03-4325-8799-EB2546E0E173}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7142F89B-A684-44FD-A4BF-F86C2DFB885F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7674F7C6-A217-4662-B274-68AE7EE10D4E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{796AEE6E-DD90-4131-99FB-92CF96059EC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81A4673C-B8BD-4712-9CF2-4553DAC4E67C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F67A380-6FBF-4C03-B903-E59A37EAF020}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{953D96EA-ADF9-4971-8FDB-A1F6D600F507}" = rport=445 | protocol=6 | dir=out | app=system |
"{A510D9C9-16AF-4F25-A251-5990D1F6A7CB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A5E09C86-F0A0-4E97-B32F-41C665F1A998}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B21268F6-15F6-4356-9A60-6D2BB3D8F29B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF382397-FA6B-4C9C-945D-C529D191F589}" = lport=138 | protocol=17 | dir=in | app=system |
"{D1E7A112-F790-49E5-82DF-8C8E412BB5CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9B1BCE3-13F0-41F0-87C1-4D4F1DF9CE00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F787213F-B595-4120-9F4D-B3A9FDC48EA0}" = rport=138 | protocol=17 | dir=out | app=system |
"{F82BE348-DAF6-4572-ABAE-EDD3ECCB496C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B377AF-B626-428D-84EF-7C47AA0BFC6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0548586C-F2A4-4341-860A-7CCD4A1BADF5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{0C342F8D-4A0F-4BD4-85E0-E1B80A1E8FAC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16AB16D6-12D7-4341-ADD1-82049601140D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{170D8500-4144-4D6B-B8D9-014065B0A55D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E5887A6-34A4-45E5-A785-6F78F87F0F05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{261A0C11-468C-4E39-8C57-AE7FC7E5D944}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{290EDACA-46E4-40FA-A486-1A39E4C6FBDA}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{2A68DD29-718E-46E8-BC29-6C81B0630231}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2AAEC8D5-F38F-4A9B-A6A0-BD223A2349AE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{2CE49C63-6C9C-4824-8F80-17A1FCAEE072}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6264FB-C943-452B-8372-F03696C0041A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{370F4F37-E560-4299-A34E-C139825154C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{474BB30F-7E45-4C07-9097-616E52C4C0CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F9F5DB2-78A6-471B-BE65-58CD64F3F891}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{562DB071-8594-4F2B-B0EB-0D478A8F4A2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58BCEC78-2305-444C-8F1D-E49D0B925C84}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5EB3B714-26B7-4E47-B762-4A5965EEA1EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{64323421-5DE2-4491-82B9-172C5B9CF8C3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{68F72E20-4FB0-4332-ADD2-47D5AA5DB1D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76AA61F6-5E3A-4254-90AF-422D4082BE87}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7896F88A-48E7-4458-99FD-DBBD0B019FF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78D6657F-36DC-4E87-836F-325B6074BCBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7BE428D4-2B7A-4B89-B8CE-4C1816196CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{7C719851-DE82-4326-8151-1FE9566FCECD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8160F3AA-51F8-46DE-8322-F86FBA54CC75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{816E2BE9-EC46-4715-9954-047B1C3D1246}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{820AA047-5688-43FF-AA40-E7F0EF72E96C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{82320A93-F5A9-4672-9E23-EEF22407BD47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82C0B401-E762-4E7C-BD2C-643A5828CC4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83BF2DD5-EE57-4B16-83D3-7EF78D1D8B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89DEE391-AE2C-4E0D-9E36-4BA2B89B00EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B7D5470-5AC9-4AFD-87E6-33726D20EA3D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B9B7942-5399-4EFD-8C59-F7FA535B8A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A3EFEBA2-1887-475A-85B9-125CB7795668}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A98D4411-76F2-4820-AA9D-AB71509444F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ABFC4443-DF7E-417E-BD69-9AD23AD3393C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{ACAC7C92-EA27-4AEF-8D41-6559F00342D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE43CB9D-1703-40B6-9DAE-6C81D1919595}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{B963DF3E-7C4C-48F6-B03E-69CBE4031580}" = protocol=6 | dir=out | app=system |
"{B9FF6852-CD58-4388-BB7A-28DC1BEE15DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BC364591-185B-4100-AE5A-4AF5C0A940D8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BEF6674E-3A2A-46CE-BC86-AB667288D9AD}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BEF8430C-CD56-4299-A8F2-5E829B9D4430}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C630D08E-8FBD-4BB1-9DFB-165C72855777}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C79C758E-360F-4126-9D42-A2D3A5462489}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{C7F75D7E-CAE7-41F8-9763-BAA8CC757CA5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CAE41D50-EA52-4B67-8CE9-67E60144AB11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8B35EF4-9BC0-4C41-9C45-1864646F8EF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D8F619D6-8D50-46AA-8BC4-FBB109E1024B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DDF56C72-F8F0-4844-BC6D-C03FFF99FADE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{DE32A5F6-79CF-48A3-9A80-0EC98BBED92E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E837B236-5658-4481-910B-0042FA711901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE0F5BA1-B854-47B8-A750-416A430EF561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF825227-4D86-4300-B4B9-D5332B3FC4AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F967D206-1988-486C-97C0-CC3232175438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{3527BC36-AFBC-472B-B11B-213A4D6B31B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{AB3505F6-DD9E-4D1E-8AFE-3DB7A884EAB8}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{ADE92DCE-CAD6-4D59-983C-5F4BAC48D378}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{DF2A8A56-3923-4BE4-916D-9859D6EE0AF2}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{59C9EA82-3C51-4063-A3B2-01FB2FB2928C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{6F2955F5-9DFB-4A25-BBD6-EDBC593F214F}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{8FB08218-97C0-475D-AEA4-521ECC1D2280}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{F89F4F38-6142-4C38-A504-7B1A0C49FA26}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5BCC64F1-F715-4DB9-ADC4-0CCA4DFF5722}" = MAGIX Music Maker Soundtrack Edition
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{761AB0B9-12C2-4B0B-BF4A-124BFB96190E}" = MAGIX Goya burnR (MSI)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABD7315-CA19-48F2-B521-97C27E605F9A}" = Vita String Ensemble
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAD67207-9C80-45F4-86E2-525AED467B96}" = MAGIX Music Maker Soundtrack Edition Soundpools
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23D41E39-79E7-4029-81CD-F23E6F3B9364}" = MAGIX Music Maker MX Premium
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{471B8234-7DAA-45BD-B2FC-6F912940D175}" = MAGIX Music Maker MX Premium Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{580AEA6C-E35C-4470-818F-0F0A083EE1AD}" = Razer Lachesis 5600
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair USB Headset
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF99669B-C6DC-43C4-8523-6758C01731BD}" = MAGIX Speed burnR (MSI)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0596921-CE45-4543-8471-0FD5BE0B5B4A}" = MAGIX Music Maker MX Premium Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB2CB440-BE28-4BF2-BB7A-A98383324356}" = MAGIX Screenshare
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArtMoney SE_is1" = ArtMoney SE v7.41
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Internet Security
"AviraSpeedup" = Avira System Speedup
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"GeoGebra" = GeoGebra
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"GPL Ghostscript 9.06" = GPL Ghostscript
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"JabRef 2.8.1" = JabRef 2.8.1
"MAGIX_{5BCC64F1-F715-4DB9-ADC4-0CCA4DFF5722}" = MAGIX Music Maker Soundtrack Edition
"MAGIX_{761AB0B9-12C2-4B0B-BF4A-124BFB96190E}" = MAGIX Goya burnR (MSI)
"MAGIX_GlobalContent" = MAGIX Content und Soundpools
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus
"Maxima-5.28.0-2_is1" = Maxima 5.28.0-2
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"Synthesia" = Synthesia (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.2
"WordToPDF_is1" = WordToPDF 2.7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.04.2013 08:58:02 | Computer Name = Primus-PC | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.7.15295 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e60 Startzeit: 01ce338f7cb5b0a0 Endzeit: 7 Anwendungspfad: C:\Program
Files (x86)\Diablo III\Diablo III.exe Berichts-ID: c40070a7-9f82-11e2-8039-00248cf78a41
Error - 11.05.2013 10:43:14 | Computer Name = Primus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x1230 Startzeit der fehlerhaften Anwendung: 0x01ce4e553d66195d Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 1bf7bc11-ba49-11e2-a123-00248cf78a41
Error - 12.05.2013 16:08:39 | Computer Name = Primus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x1dd8 Startzeit der fehlerhaften Anwendung: 0x01ce4f4c625502fa Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: bc0f451b-bb3f-11e2-9825-00248cf78a41
Error - 15.05.2013 16:38:58 | Computer Name = Primus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15a8 Startzeit:
01ce517c5ce02ee4 Endzeit: 12 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
74e03e6a-bd9f-11e2-82b2-00248cf78a41
Error - 25.05.2013 17:44:45 | Computer Name = Primus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FL.exe, Version: 0.0.0.0, Zeitstempel:
0x4d3574e7 Name des fehlerhaften Moduls: FLEngine.dll, Version: 10.0.0.9, Zeitstempel:
0x4e9e909c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00165ffb ID des fehlerhaften Prozesses:
0x1348 Startzeit der fehlerhaften Anwendung: 0x01ce59910e477b81 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Image-Line\FL Studio 10\FLEngine.dll Berichtskennung:
5016cd2a-c584-11e2-95cc-00248cf78a41
Error - 08.06.2013 17:49:07 | Computer Name = Primus-PC | Source = System Restore | ID = 8193
Description =
Error - 08.06.2013 17:49:14 | Computer Name = Primus-PC | Source = System Restore | ID = 8193
Description =
Error - 08.06.2013 18:51:21 | Computer Name = Primus-PC | Source = System Restore | ID = 8193
Description =
Error - 08.06.2013 18:51:26 | Computer Name = Primus-PC | Source = System Restore | ID = 8193
Description =
Error - 08.06.2013 19:06:31 | Computer Name = Primus-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 08.06.2013 18:20:19 | Computer Name = Primus-PC | Source = DCOM | ID = 10005
Description =
Error - 08.06.2013 19:07:52 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FileZilla Server FTP server" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 08.06.2013 19:08:25 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Scanner Service erreicht.
Error - 08.06.2013 19:08:25 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 08.06.2013 19:08:25 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 08.06.2013 19:08:55 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Updating Service erreicht.
Error - 08.06.2013 19:08:55 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 08.06.2013 19:19:59 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FileZilla Server FTP server" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 08.06.2013 20:05:44 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 08.06.2013 20:08:29 | Computer Name = Primus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FileZilla Server FTP server" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
< End of report >
Gmer Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 03:07:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD5001AALS-00L3B2 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdiapoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033a5000 45 bytes [00, 00, C6, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606 fffff800033a502e 17 bytes [44, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073bc1a22 2 bytes [BC, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073bc1ad0 2 bytes [BC, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073bc1b08 2 bytes [BC, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073bc1bba 2 bytes [BC, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073bc1bda 2 bytes [BC, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe[2956] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe[2956] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1320:1324] 00000000013cd227
Thread C:\Windows\SysWOW64\ntdll.dll [1320:1568] 00000000746a32fb
Thread C:\Windows\SysWOW64\ntdll.dll [1672:1676] 000000000107d227
Thread C:\Windows\SysWOW64\ntdll.dll [1672:2920] 000000007450e2db
Thread C:\Windows\SysWOW64\ntdll.dll [1672:3224] 0000000072718df0
Thread C:\Windows\SysWOW64\ntdll.dll [1672:3228] 0000000072718df0
Thread C:\Windows\SysWOW64\ntdll.dll [1672:3232] 0000000072718df0
Thread C:\Windows\SysWOW64\ntdll.dll [1672:3236] 0000000072714e70
Thread C:\Windows\SysWOW64\ntdll.dll [2444:2628] 0000000000ce3fe1
Thread C:\Windows\SysWOW64\ntdll.dll [2444:3660] 000000006f690dd0
Thread C:\Windows\SysWOW64\ntdll.dll [2444:3664] 000000006d908bcc
Thread C:\Windows\SysWOW64\ntdll.dll [2444:3668] 000000006d908ea1
Thread C:\Windows\SysWOW64\ntdll.dll [2444:3672] 000000006d9087ab
Thread C:\Windows\SysWOW64\ntdll.dll [2444:3676] 000000006f92786a
---- EOF - GMER 2.1 ----
A small addendum: I found out why Windows Update wasn't working. It had been disabled, and I had to enable it manually via Administrative Tools - Services - enable Win Update.
Apparently the thing disabled some functions... besides the question about possible remnants, can I find out what exactly was disabled?
(sorry for the double post!)