I do a fresh installation every 1-2 years - but since my system is still running well for now and the effort is always quite large, I want to leave it as it is for the time being. That will go on the list for the next reinstallation.
When scanning with aswMBR, the program always hangs at C:\Users\Administrator ... hmm
And finally, once more the log files from OTL:
Code:
OTL logfile created on: 02.03.2015 08:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 4,88 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 52,19 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 164,69 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,41 Gb Free Space | 31,55% Space Free | Partition Type: NTFS
Drive F: | 833,84 Gb Total Space | 832,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,30 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Drive X: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive Z: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Computer Name: KRAXI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
PRC - C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Portable Programme\K10Stat\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe (Guillemot Corporation S.A.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Program Files\Avast\libcef.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\highgui110.dll ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\cv110.dll ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\cxcore110.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
SRV - (AvastVBoxSvc) -- C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
SRV - (SuRunSVC) -- C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswMBR) -- C:\Users\Administrator\AppData\Local\Temp\aswMBR.sys File not found
DRV - (ALSysIO) -- C:\Users\Admin.KRAXI\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswsnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswStm) -- C:\Windows\System32\drivers\aswstm.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (VBoxAswDrv) -- C:\Program Files\Avast\ng\vbox\VBoxAswDrv.sys (Avast Software)
DRV - (ampa) -- C:\Windows\System32\ampa.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\.DEFAULT\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-18\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: %7Baf79f858-4b25-4ca4-822b-b5db1be628fc%7D:0.4.1
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.28
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.15
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:4.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.15.3
FF - prefs.js..extensions.enabledAddons: copyplaintext%40teo.pl:1.3.2
FF - prefs.js..extensions.enabledAddons: extended.copy.menu%40fix.version:1.6.1c
FF - prefs.js..extensions.enabledAddons: giorgio%40gilestro.tk:1.0.6
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF [2015.01.27 12:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014.06.01 13:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.10.14 20:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions
[2013.10.15 10:36:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2013.10.15 10:36:06 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions\https-everywhere@eff.org
[2015.03.01 14:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions
[2014.06.01 13:23:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2015.01.01 10:01:22 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions\https-everywhere@eff.org
[2013.10.14 20:53:28 | 001,097,649 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\2.0@disconnect.me.xpi
[2013.10.14 20:53:28 | 000,048,746 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\copyplaintext@teo.pl.xpi
[2013.10.14 20:53:28 | 000,019,423 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\extended.copy.menu@fix.version.xpi
[2013.10.14 20:53:28 | 000,020,699 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\firefox1@myibay.com.xpi
[2013.10.14 20:53:28 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\giorgio@gilestro.tk.xpi
[2013.10.14 20:53:27 | 000,172,839 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\requestpolicy@requestpolicy.com.xpi
[2013.10.14 20:53:27 | 000,534,789 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.10.14 20:53:27 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2013.10.14 20:32:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.14 20:53:27 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.14 20:53:27 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2015.02.21 18:59:19 | 000,947,844 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\2.0@disconnect.me.xpi
[2015.01.01 11:02:41 | 000,061,214 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\copyplaintext@teo.pl.xpi
[2015.02.19 17:27:45 | 000,127,486 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.10.14 21:20:54 | 000,019,423 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\extended.copy.menu@fix.version.xpi
[2014.11.23 09:59:22 | 000,020,693 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\firefox1@myibay.com.xpi
[2013.10.14 21:20:54 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\giorgio@gilestro.tk.xpi
[2014.11.20 11:40:54 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\requestpolicy@requestpolicy.com.xpi
[2015.03.01 14:36:41 | 000,202,627 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2015.02.20 14:40:11 | 000,544,463 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014.09.30 16:11:51 | 000,071,151 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
[2013.10.14 21:20:54 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2015.01.15 11:32:51 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.14 21:20:53 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.14 21:20:53 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2015.01.01 11:02:41 | 000,133,650 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2015.03.01 10:53:06 | 000,005,783 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\searchplugins\startpage-https---deutsch.xml
[2014.05.31 09:34:35 | 000,009,419 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\searchplugins\yahoo-avast.xml
[2015.02.25 10:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.02.25 10:12:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CamserviceExchange] C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SuRun Systemmenü-Erweiterung] C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CF0AE36-5C3D-4AD9-9FE1-19C17ABCEF27}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll (hxxp://kay-bruns.de)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015.03.02 08:17:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.03.02 08:02:44 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswmbr.exe
[2015.03.01 13:13:38 | 001,132,032 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2015.02.25 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.02.23 08:57:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{68D9EB6A-D28F-437C-ACB3-C801259CFA2B}
[2015.02.23 08:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D4F46F7B-EA64-43A2-9BE5-84321CB4D190}
[2015.02.23 08:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}
[2015.02.21 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mp3tag
[2015.02.12 07:07:27 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.02.11 16:12:19 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perftrack.dll
[2015.02.11 16:12:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powertracker.dll
[2015.02.11 09:05:27 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.02.11 09:05:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.02.11 09:05:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.02.11 09:05:25 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.02.11 09:05:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.02.11 09:05:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.02.11 09:05:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015.02.11 09:05:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015.02.11 09:05:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.02.11 09:05:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.02.11 09:05:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.02.11 09:05:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015.02.11 09:03:00 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.02.11 09:02:56 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.02.11 09:02:41 | 003,921,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.02.11 09:02:40 | 003,977,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.02.11 09:00:30 | 001,167,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015.02.11 09:00:30 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015.02.11 09:00:30 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.02.11 09:00:30 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.02.11 09:00:30 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.02.11 09:00:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.02.11 09:00:29 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.02.11 09:00:29 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
========== Files - Modified Within 30 Days ==========
[2015.03.02 08:23:10 | 000,030,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.03.02 08:23:10 | 000,030,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.03.02 08:17:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.03.02 08:03:07 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswmbr.exe
[2015.03.02 07:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.02 07:48:03 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.01 13:30:51 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.03.01 13:13:53 | 000,380,416 | ---- | M] () -- C:\Users\Administrator\Desktop\Gmer-19357.exe
[2015.03.01 13:13:45 | 001,132,032 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2015.03.01 13:13:16 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2015.02.11 10:53:00 | 000,269,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.02.05 09:04:25 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.02.05 09:04:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.02.04 03:54:02 | 000,482,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.02.04 03:53:44 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.02.04 03:53:39 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.02.04 03:53:37 | 000,767,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.02.04 03:53:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.02.04 03:53:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015.02.04 03:49:50 | 000,886,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
========== Files Created - No Company Name ==========
[2015.03.02 08:23:31 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2015.03.01 13:13:51 | 000,380,416 | ---- | C] () -- C:\Users\Administrator\Desktop\Gmer-19357.exe
[2015.03.01 13:13:13 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2014.12.18 20:18:13 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2014.12.18 20:18:13 | 000,014,448 | ---- | C] () -- C:\Windows\System32\ampa.sys
[2014.04.23 18:07:54 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.01.27 13:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013.11.26 18:31:56 | 000,000,017 | ---- | C] () -- C:\Windows\spwdrt.INI
[2013.11.04 16:03:08 | 000,009,728 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll
[2013.10.27 12:46:44 | 000,007,633 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013.10.19 23:35:59 | 000,002,865 | ---- | C] () -- C:\Windows\System32\k10stat.dat
[2013.10.15 15:46:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2013.10.15 15:46:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2013.10.15 13:13:41 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.10.15 13:13:40 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.10.15 13:05:15 | 005,694,504 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013.10.15 13:05:11 | 000,620,273 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013.10.15 13:04:55 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2013.10.14 19:33:05 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2013.10.14 19:31:47 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2013.10.14 19:30:49 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2013.10.14 19:30:49 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2013.10.14 19:30:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2013.10.14 19:30:49 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2013.10.14 19:30:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2013.10.14 19:27:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.10.14 19:09:58 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2013.10.14 19:08:13 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2013.10.14 18:44:59 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013.10.14 18:44:59 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013.10.14 18:44:59 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013.10.14 18:31:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.10.14 18:12:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.10.14 17:50:20 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2013.10.14 17:50:20 | 000,012,137 | ---- | C] () -- C:\Windows\unins002.dat
[2013.10.14 17:50:11 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2013.10.14 17:50:10 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2013.10.14 17:50:10 | 000,138,752 | ---- | C] () -- C:\Windows\System32\libpng15.dll
[2013.10.14 17:50:09 | 001,199,179 | ---- | C] () -- C:\Windows\unins001.exe
[2013.10.14 17:50:09 | 000,017,847 | ---- | C] () -- C:\Windows\unins001.dat
[2013.10.14 17:49:11 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013.10.14 17:49:11 | 000,007,966 | ---- | C] () -- C:\Windows\unins000.dat
[2013.10.14 00:21:24 | 000,000,338 | ---- | C] () -- C:\Windows\System32\WinToolkitRunOnce.exe.config
[2013.10.13 23:09:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.10.13 22:00:43 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:37:22 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.10.15 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AIMP3
[2014.04.18 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\.kde
[2015.01.02 12:17:40 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\AIMP3
[2013.10.22 10:46:18 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\AVAST Software
[2014.11.30 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\FileZilla
[2014.02.08 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\FreeAudioPack
[2014.04.22 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\gnupg
[2015.02.28 09:09:57 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\Mp3tag
[2014.12.27 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\MusicBrainz
[2014.04.18 18:37:24 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\PyBitmessage
[2015.02.28 19:11:40 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\uTorrent
[2015.02.27 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\XnConvert
[2015.02.28 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\XnViewMP
[2013.10.22 11:27:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013.10.19 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ElevatedShortcut
[2014.01.27 13:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2014.04.22 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gnupg
[2015.03.01 22:47:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mp3tag
[2015.01.01 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MusicBrainz
[2014.09.12 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2015.02.24 10:26:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
and additionally: Code:
OTL Extras logfile created on: 02.03.2015 08:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 4,88 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 52,19 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 164,69 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,41 Gb Free Space | 31,55% Space Free | Partition Type: NTFS
Drive F: | 833,84 Gb Total Space | 832,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,30 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Drive X: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive Z: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Computer Name: KRAXI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Value error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Value error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [SuRun] -- Reg Error: Invalid data type.
Directory [TO] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037E67B2-B0F6-4860-8F76-DD5484DBADC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{19412C55-A430-42B8-A5BF-00F344FBAA8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23E8BC34-59D3-4A1B-BEB7-B729576259C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{326637DD-B420-41A0-8299-6E405DA7E26E}" = rport=137 | protocol=17 | dir=out | app=system |
"{636A3D33-6CFB-4B73-BB33-B03B09073A24}" = lport=138 | protocol=17 | dir=in | app=system |
"{647B9F91-9012-4FDD-B597-AAB1F150BE61}" = lport=445 | protocol=6 | dir=in | app=system |
"{80AC0FFB-2EEE-4BD0-AE55-E950D5942508}" = lport=137 | protocol=17 | dir=in | app=system |
"{85E8F301-5B54-48C7-B753-10BB96E06DD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EC24B38-DB17-4973-BBD6-14CA160DD59E}" = lport=139 | protocol=6 | dir=in | app=system |
"{92644C14-DAC9-48F9-8E07-778E14ECE321}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC72979C-0D0D-4B9B-B5F6-05D48FD34863}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDF4FC38-4608-42D5-B8CD-059DF8916716}" = rport=138 | protocol=17 | dir=out | app=system |
"{C400FB06-A936-496E-9800-C27944D2221D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C753DD23-7CD0-4972-8870-32BBB11AE7D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F6DAD5-B202-4D8B-A9A1-5EBFE5E33AA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0A1CE1D1-64B3-4195-8030-663E718DFB9F}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{14544858-6FA0-4B82-B534-CEBF855017BA}" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe |
"{1A141DFD-24D8-4CF8-BCB8-473FB8374988}" = protocol=6 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe |
"{28DA3ADD-05B7-4898-8B1A-73CB5C55B983}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{343DFC1D-9356-4328-A1F4-49AF7CE69BC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | |
"{434E9B45-D0EE-48F8-B929-8A143573FDB5}" = protocol=6 | dir=in | app=c:\program files\avast\ng\vbox\aswfe.exe |
"{51DBB5F8-BE97-417F-9F1B-5F2C0270D2D2}" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe |
"{53721C41-FC4F-4CAB-828E-2FF46F2ADD6F}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe |
"{5A7D079C-6B76-40F1-9AD0-2F23655E05C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5CBFE664-6DBA-43AF-BCDB-439A3A150501}" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe |
"{69AD79E3-84FD-4522-958A-9CF8DAA3402E}" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe |
"{731B0E59-1E1B-4EBD-9CF8-F213180BF77F}" = protocol=6 | dir=in | app=c:\program files\fiddler2\fiddler.exe |
"{75746B0E-C872-4613-A759-D72C4844FAE8}" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe |
"{75F0AAFB-6787-4A90-B447-92B48C899AC5}" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |
"{84F56EB0-B8DD-46B2-8137-E4A8C956A757}" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe |
"{86B59496-E7BA-4810-B215-3DDA3839B60F}" = protocol=6 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe |
"{8CDA6D61-83A7-4563-AB43-3ADE43AB1F20}" = protocol=6 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe |
"{915591FC-2EB1-4C7A-9263-76F4BBF4DA76}" = protocol=6 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe |
"{98D4EA87-C341-49F9-81E2-227FCFF84DED}" = protocol=6 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe |
"{9CCD1706-E1AB-4EB8-9CB2-705754605C9D}" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe |
"{A10A71E9-C252-4229-9B4F-9F833BC02542}" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |
"{A4B5D983-3AF1-423A-9DC1-50745CFC4B24}" = protocol=17 | dir=in | app=c:\program files\avast\ng\vbox\aswfe.exe |
"{A5C11146-A95F-40A0-B6B6-95035E713C39}" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe ||
"{C1527039-9D46-4118-A61A-48E385E70A32}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe |
"{C47D29D0-B38F-45F3-B7D7-A64397CC10CA}" = protocol=17 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe |
"{C48C385B-C037-4CF0-967C-447D59654F18}" = protocol=17 | dir=in | app=c:\program files\qnap\finder\qfinder.exe |
"{C49065BF-1B94-44B2-9737-B08511108257}" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe |
"{CEFF7408-39E3-43AB-A122-D162728F5565}" = protocol=17 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe |
"{D1A2615F-D49D-4397-B31D-701DC43F02C3}" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe |
"{D7934FDD-F202-4900-B4A9-C56BF54F8290}" = protocol=6 | dir=in | app=c:\program files\qnap\finder\qfinder.exe |
"{E08E8195-A67D-4E83-9278-6178A782AABB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA7372BB-58F7-4DEF-BE39-CDBE59E6AC90}" = protocol=17 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe |
"{EC103DC0-7BE2-4E8B-95D0-9BC225CD8CBF}" = protocol=17 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe |
"{EDCE411A-4292-434E-A50F-B8396CCE62A1}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EE574110-B938-44A3-8046-C7B312847037}" = protocol=6 | dir=in | app=c:\program files\μtorrent 3.0 leecher\utorrent 3.0.0 (25422)_org.exe |
"{F67C8139-D43F-4C97-B38D-20C612FCA0D9}" = protocol=6 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe |
"{F82CA4D0-DB48-4F01-B427-DC9B7FD85BC0}" = protocol=17 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe |
"{FFEFFFBC-7FC6-40A3-8683-CF00877DFE10}" = protocol=17 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe |
"TCP Query User{0B4FFFC0-5551-4EC5-BE90-428000F9A506}D:\portable programme\operator 3.5\opera\opera.exe" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe |
"TCP Query User{1D737C87-6F5D-46E1-BC6C-0240F4EB10E5}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"TCP Query User{1E71912D-8EE7-4AFE-9732-E55393C9C5F2}C:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe |
"TCP Query User{26B80AA4-768F-45C1-9788-FC7B03CA6CEA}D:\portable programme\filezilla 3.73\filezilla.exe" = protocol=6 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe |
"TCP Query User{3F126A14-A519-4C19-83A1-9B2888F769BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{423ED87B-A127-4521-A881-3E2CFEBAEFD8}C:\program files\hercules\dualpix exchange\xtrctrlex.exe" = protocol=6 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrlex.exe |
"TCP Query User{43B520FC-4281-49A7-BEA8-9C9711D1D0B2}D:\portable programme\operator 3.5\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe |
"TCP Query User{4B2C9678-4A71-475F-B7C3-BE5D7BC9B763}C:\program files\qnap\qfinder\qfinder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe |
"TCP Query User{5CEC2FB0-8242-4711-A58C-E9D4739324B4}D:\portable programme\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe |
"TCP Query User{657901A1-0293-4314-9965-9C7C94B45737}D:\portable programme\totalcommander suite 5.0\totalcmd.exe" = protocol=6 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe |
"TCP Query User{8BCE6A79-F972-4C84-AF50-572FF2F7DB08}C:\users\admin.kraxi\desktop\bitmessage.exe" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |
"TCP Query User{8E1AF40B-7BB1-4F0E-8100-B03F9D262D4F}C:\program files\qnap\finder\qfinder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\qfinder.exe |
"TCP Query User{8E9EFE4D-5141-499F-B05B-8907EA6E1E15}D:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe |
"TCP Query User{903B118D-AB55-4A59-94DE-208A0A94A5F9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A0326C43-AE9E-478D-9F95-E187D058FBEF}D:\portable programme\toropera 3.5\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe |
"TCP Query User{D4D9D3F1-B852-4ABB-9C02-0CE3EDD586CA}D:\portable programme\foobar2000 old\foobar2000.exe" = protocol=6 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe |
"TCP Query User{E0958C98-7A76-4BBC-9E5C-DBFA6CA7FF1E}C:\program files\hercules\dualpix exchange\xtrctrl.exe" = protocol=6 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrl.exe |
"TCP Query User{EC7D8EF6-6569-436A-982B-183FFDE2C673}C:\program files\java\jre1.8.0_31\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe |
"TCP Query User{F12187F0-F169-4833-B79F-28189C82F620}D:\portable programme\toropera 3.5\opera\opera.exe" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe |
"TCP Query User{F2579E26-E1FF-4D66-AE83-DCFC159B82A0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{086DE2E8-ECB5-43D2-B647-33A6CD107C9C}C:\program files\hercules\dualpix exchange\xtrctrl.exe" = protocol=17 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrl.exe |
"UDP Query User{121C4A42-0654-48A2-AFC2-525C6FCAA191}C:\program files\java\jre1.8.0_31\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe |
"UDP Query User{184DA726-F935-43F1-87F5-38F40A4F86A2}C:\users\admin.kraxi\desktop\bitmessage.exe" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |
"UDP Query User{29F8BD9C-BB99-424B-BEC6-82D076146DB8}D:\portable programme\totalcommander suite 5.0\totalcmd.exe" = protocol=17 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe |
"UDP Query User{365F5E39-B48D-46D9-B963-F9622FF6602E}D:\portable programme\filezilla 3.73\filezilla.exe" = protocol=17 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe |
"UDP Query User{3D7DB3BE-9F62-4556-9DB0-049F76F648E5}C:\program files\qnap\finder\qfinder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\qfinder.exe |
"UDP Query User{41FAA023-F3FC-44AA-9A20-E480AB153733}D:\portable programme\foobar2000 old\foobar2000.exe" = protocol=17 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe |
"UDP Query User{4351E5A5-617B-4D41-9C7B-9EDDE2D3B539}D:\portable programme\toropera 3.5\opera\opera.exe" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe |
"UDP Query User{4F0DED22-4310-4B4B-AEEB-40C3A3E0522D}D:\portable programme\toropera 3.5\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe |
"UDP Query User{85B335F7-A12E-494D-9F17-3B937067F9EF}D:\portable programme\operator 3.5\opera\opera.exe" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe |
"UDP Query User{9115AD7B-30B8-4EA7-BE87-A84A57058D03}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"UDP Query User{BBB57DBB-B75C-43C4-8506-F7903402B2CF}D:\portable programme\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe |
"UDP Query User{C1DE50F7-9807-4FE3-B245-A3023A008D6E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{CE358951-0B2F-4D5A-ADBE-89AFF82068C9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DC960BD9-29FA-4CCD-99FD-A16D10C229D6}D:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe |
"UDP Query User{EA4036ED-BE36-4F92-A219-131C5C48FEF0}C:\program files\qnap\qfinder\qfinder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe |
"UDP Query User{EB81AAB2-31DA-423F-BED8-39ADA2219C97}C:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe |
"UDP Query User{EC3959C3-D76F-4F2E-8B88-3BED7A77CEB4}D:\portable programme\operator 3.5\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe |
"UDP Query User{F36CBB39-DDF3-407C-A484-91E4609450EE}C:\program files\hercules\dualpix exchange\xtrctrlex.exe" = protocol=17 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrlex.exe |
"UDP Query User{F77B7717-8AFC-44C8-B828-21F267D18BA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000EF65-BE80-3B99-BDE5-84C515C3F64C}" = Microsoft .NET Framework 4.5.2 (DEU)
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2C00465A-EA83-4D9B-9482-9180FBEBD4AC}" = Oracle VM VirtualBox 4.2.18
"{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}" = Dualpix Exchange
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50AF8559-F490-381F-A6E7-06A07DE227DC}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830
"{5C085A19-B4A1-6686-0103-E9E6F7B2831A}" = AMD Catalyst Install Manager
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9dba0447-b749-41ea-90bc-2aa19a9eb580}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}" = Adobe Shockwave Player 12.0
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CF9FEB7B-3BBF-47D6-801B-09530B7DA7CA}" = M-Audio FireWire 6.0.4 (x86)
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68B404C-0E04-337F-A132-796508EE337A}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"avast" = Avast Free Antivirus
"Default Programs Editor" = Default Programs Editor
"eLicenser Control" = eLicenser Control
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"M928366" =
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 36.0 (x86 de)" = Mozilla Firefox 36.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Info extension_is1" = MP3-Info extension V3.4.23
"Mp3tag" = Mp3tag v2.66
"MusicBrainz Picard" = MusicBrainz Picard
"QNAP_FINDER" = QNAP Qfinder
"SpeedFan" = SpeedFan (remove only)
"SuRun" = Super User Run (SuRun)
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.00 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.02.2015 09:37:20 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description =
Error - 20.02.2015 15:33:43 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description =
Error - 21.02.2015 05:13:15 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description =
Error - 21.02.2015 18:05:00 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description =
Error - 22.02.2015 03:12:32 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2015 10:58:32 | Computer Name = Kraxi | Source = Application Hang | ID = 1002
Description = Programm TagRename.exe, Version 3.8.1.41 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1324 Startzeit:
01d04f6573daaae6 Endzeit: 131 Anwendungspfad: D:\Portable Programme\TagRename 3.81\TagRename.exe
Berichts-ID:
6cdf6817-bb6c-11e4-ab04-40618667f7ca
Error - 01.03.2015 17:04:32 | Computer Name = Kraxi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16609 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: d10 Startzeit: 01d05463186a4130 Endzeit: 10 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.03.2015 02:59:10 | Computer Name = Kraxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16609,
Zeitstempel: 0x54b5c951 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0e301368 ID des fehlerhaften
Prozesses: 0xa08 Startzeit der fehlerhaften Anwendung: 0x01d054b5589de9e7 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 9fe4c4dc-c0a9-11e4-b552-40618667f7ca
[ System Events ]
Error - 27.02.2015 12:03:43 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 27.02.2015 14:42:05 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 28.02.2015 03:07:44 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 28.02.2015 06:05:11 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 28.02.2015 13:23:48 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.03.2015 05:30:04 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.03.2015 08:06:33 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.03.2015 09:29:33 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.03.2015 11:10:59 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 02.03.2015 02:48:18 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >