Trojaner-Board - Mystar incredybar löschen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Mystar incredybar löschen (https://www.trojaner-board.de/127747-mystar-incredybar-loeschen.html)

Nirobe

02.12.2012 18:44

Mystar incredybar löschen

Hey Leute bin relativ neu und habe wie viele auch das problem mit der Mystar Incredybar deswegen bin ich auf eure seite gekommen. hab dan auch nach eurer anleitung gemacht angefangen allerdings nach dem scan zeigte er einfach an das nichts infiziert ist:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

02.12.2012 10:17:51
mbam-log-2012-12-02 (10-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483721
Laufzeit: 1 Stunde(n), 45 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich benutze Google Chrome auf Windows Vista
ich hoffe ihr könnt mir weiterhelfen ;D

M-K-D-B

03.12.2012 15:40

:hallo:

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

netsvcs

msconfig

drivers32

safebootminimal

safebootnetwork

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von aswMBR,
die Logdatei von TDSSKiller.

Nirobe

03.12.2012 17:11

Danke für deine Antwort :D
Da die Dateien zu gros sind um beide in eins zu schreiben mach ich zwei antworten draus ich hoffe das ist nicht schlimm.
1 OTL:OTL Logfile:

Code:

OTL logfile created on: 03.12.2012 16:57:33 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free

8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe

PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe

PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll

MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll

MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll

MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll

MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll

MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll

MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll

MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll

MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll

MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll

MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll

MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)

SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)

DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)

DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)

DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4812_1&babsrc=HP_ss&mntrId=e0acb527000000000000001f3f08cbc1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: https://www.google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://www.google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\

CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\

CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData

[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software

[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer

[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper

[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft

[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler

[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll

[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler

[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8

[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU

[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll

[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung

[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken

[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages

[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla

[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll

[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx

[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf

[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf

[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Custom Scans ==========

 
 < hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 < hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 <           >
 

< End of report >

--- --- ---

Nirobe

03.12.2012 17:17

2 Extra:OTL Logfile:

Code:

OTL logfile created on: 03.12.2012 16:57:33 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free

8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe

PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe

PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll

MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll

MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll

MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll

MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll

MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll

MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll

MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll

MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll

MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll

MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll

MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)

SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)

DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)

DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)

DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Claro Search

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: https://www.google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://www.google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\

CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\

CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData

[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software

[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer

[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper

[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft

[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler

[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll

[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler

[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8

[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU

[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll

[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung

[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken

[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages

[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla

[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll

[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx

[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf

[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf

[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Custom Scans ==========

 
 < hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 < hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 <           >
 

< End of report >

--- --- ---

Nirobe

03.12.2012 17:19

2 EXTRA:OTL Logfile:

Code:

OTL logfile created on: 03.12.2012 16:57:33 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free

8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe

PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe

PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2012.08.09 12:04:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll

MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll

MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll

MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll

MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll

MOD - [2012.11.16 21:38:27 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll

MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll

MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll

MOD - [2012.11.16 21:38:18 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll

MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll

MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll

MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012.10.28 01:59:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)

SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)

DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)

DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)

DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Claro Search

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms}

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4812_1&babsrc=SP_ss&mntrId=e0acb527000000000000001f3f08cbc1

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=db0279d7-4bc5-4434-ac86-925672c895dd&apn_sauid=E8D462AF-CE1F-40F7-9070-685AA886969A

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8CZbZEO1&i=26

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-870192084-3636044139-2260596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: https://www.google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://www.google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\

CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\

CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-870192084-3636044139-2260596-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-870192084-3636044139-2260596-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.03.30 11:04:10 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell - "" = AutoRun

O33 - MountPoints2\{41db42ca-9c26-11e1-9194-c46709c4e357}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{71fdf3db-9c25-11e1-9bf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\CBS.exe -- [2007.07.10 12:34:14 | 000,612,864 | R--- | M] (getanet.MEDIA)

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell - "" = AutoRun

O33 - MountPoints2\{94596e80-121d-11e2-a9e5-001f3f08cbc1}\Shell\AutoRun\command - "" = L:\Borderlands-u-GOTY_sr_efgis.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData

[2012.12.02 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.12.02 19:04:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 19:04:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.02 10:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.02 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software

[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Babylon

[2012.12.02 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer

[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper

[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft

[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler

[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll

[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler

[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8

[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU

[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll

[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012.11.21 09:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung

[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken

[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages

[2012.11.07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\FileZilla

[2012.11.07 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

[2012.11.07 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.03 16:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.03 16:17:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.03 16:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.03 14:01:13 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.03 14:01:13 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.03 14:01:13 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.03 14:01:13 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.03 14:01:13 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 06:45:51 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.02 19:04:04 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.02 19:04:03 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.02 19:04:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.02 19:04:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.02 19:04:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.02 15:39:35 | 000,002,017 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 10:01:09 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll

[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.11.07 16:13:32 | 000,002,076 | ---- | M] () -- C:\Users\Jan\Documents\mcedit.ini

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.02 15:39:34 | 000,002,017 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk

[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.02 10:01:09 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx

[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:18:03 | 000,085,712 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf

[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf

[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Custom Scans ==========

 
 < hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.09.28 02:10:54 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 < hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.09.28 02:10:49 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)

 
 <           >
 

< End of report >

--- --- ---

Nirobe

03.12.2012 17:21

Sry das das so oft gepostet wurde weis net warum -.-

Hier noch die defrogger sachen:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:27 on 03/12/2012 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

M-K-D-B

03.12.2012 19:34

Servus,

fehlen noch aswMBr und TDSSKiller. :)

Nirobe

03.12.2012 20:24

Schritt 3:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-03 17:36:24
-----------------------------
17:36:24.162 OS Version: Windows x64 6.0.6002 Service Pack 2
17:36:24.162 Number of processors: 4 586 0x203
17:36:24.162 ComputerName: JAN-PC UserName: Jan
17:36:28.998 Initialize success
17:40:10.462 AVAST engine defs: 12120200
17:40:21.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:40:21.016 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715404MB BusType: 3
17:40:21.059 Disk 0 MBR read successfully
17:40:21.062 Disk 0 MBR scan
17:40:21.067 Disk 0 Windows VISTA default MBR code
17:40:21.083 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 707401 MB offset 2048
17:40:21.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8000 MB offset 1448761344
17:40:21.199 Disk 0 scanning C:\Windows\system32\drivers
17:40:33.479 Service scanning
17:40:54.817 Modules scanning
17:40:54.824 Disk 0 trace - called modules:
17:40:54.838 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:40:54.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061b4790]
17:40:54.846 3 CLASSPNP.SYS[fffffa6000dc7c33] -> nt!IofCallDriver -> [0xfffffa800492d520]
17:40:54.853 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004993940]
17:40:58.709 AVAST engine scan C:\Windows
17:41:04.970 AVAST engine scan C:\Windows\system32
17:45:53.673 AVAST engine scan C:\Windows\system32\drivers
17:46:15.094 AVAST engine scan C:\Users\Jan
18:14:49.500 AVAST engine scan C:\ProgramData
18:15:56.850 Scan finished successfully
20:22:58.014 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
20:22:58.019 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

Schritt 4:
20:25:27.0145 1980 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:25:27.0330 1980 ============================================================
20:25:27.0330 1980 Current date / time: 2012/12/03 20:25:27.0330
20:25:27.0330 1980 SystemInfo:
20:25:27.0330 1980
20:25:27.0330 1980 OS Version: 6.0.6002 ServicePack: 2.0
20:25:27.0330 1980 Product type: Workstation
20:25:27.0330 1980 ComputerName: JAN-PC
20:25:27.0330 1980 UserName: Jan
20:25:27.0330 1980 Windows directory: C:\Windows
20:25:27.0330 1980 System windows directory: C:\Windows
20:25:27.0330 1980 Running under WOW64
20:25:27.0330 1980 Processor architecture: Intel x64
20:25:27.0330 1980 Number of processors: 4
20:25:27.0330 1980 Page size: 0x1000
20:25:27.0330 1980 Boot type: Normal boot
20:25:27.0330 1980 ============================================================
20:25:28.0235 1980 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:28.0259 1980 ============================================================
20:25:28.0259 1980 \Device\Harddisk0\DR0:
20:25:28.0260 1980 MBR partitions:
20:25:28.0260 1980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x565A4FF8
20:25:28.0260 1980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x565A5800, BlocksNum 0xFA0000
20:25:28.0260 1980 ============================================================
20:25:28.0283 1980 C: <-> \Device\Harddisk0\DR0\Partition1
20:25:28.0315 1980 D: <-> \Device\Harddisk0\DR0\Partition2
20:25:28.0315 1980 ============================================================
20:25:28.0315 1980 Initialize success
20:25:28.0315 1980 ============================================================
20:25:31.0627 2220 ============================================================
20:25:31.0627 2220 Scan started
20:25:31.0627 2220 Mode: Manual;
20:25:31.0627 2220 ============================================================
20:25:32.0941 2220 ================ Scan system memory ========================
20:25:32.0941 2220 System memory - ok
20:25:32.0942 2220 ================ Scan services =============================
20:25:33.0138 2220 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:25:33.0140 2220 ACPI - ok
20:25:33.0172 2220 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:25:33.0181 2220 adp94xx - ok
20:25:33.0194 2220 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:25:33.0200 2220 adpahci - ok
20:25:33.0209 2220 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:25:33.0210 2220 adpu160m - ok
20:25:33.0217 2220 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:25:33.0219 2220 adpu320 - ok
20:25:33.0257 2220 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:25:33.0258 2220 AeLookupSvc - ok
20:25:33.0324 2220 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
20:25:33.0331 2220 AFD - ok
20:25:33.0610 2220 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:25:33.0612 2220 agp440 - ok
20:25:33.0623 2220 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:25:33.0625 2220 aic78xx - ok
20:25:33.0759 2220 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
20:25:33.0759 2220 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
20:25:33.0768 2220 Akamai ( HiddenFile.Multi.Generic ) - warning
20:25:33.0768 2220 Akamai - detected HiddenFile.Multi.Generic (1)
20:25:33.0779 2220 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
20:25:33.0781 2220 ALG - ok
20:25:33.0794 2220 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
20:25:33.0795 2220 aliide - ok
20:25:33.0808 2220 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
20:25:33.0808 2220 amdide - ok
20:25:33.0821 2220 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:25:33.0822 2220 AmdK8 - ok
20:25:33.0851 2220 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
20:25:33.0852 2220 androidusb - ok
20:25:33.0913 2220 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:25:33.0915 2220 AntiVirSchedulerService - ok
20:25:33.0948 2220 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:25:33.0950 2220 AntiVirService - ok
20:25:33.0969 2220 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
20:25:33.0971 2220 Appinfo - ok
20:25:33.0975 2220 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
20:25:33.0977 2220 arc - ok
20:25:34.0003 2220 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:25:34.0005 2220 arcsas - ok
20:25:34.0029 2220 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:25:34.0030 2220 AsyncMac - ok
20:25:34.0054 2220 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
20:25:34.0055 2220 atapi - ok
20:25:34.0092 2220 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:25:34.0096 2220 atksgt - ok
20:25:34.0137 2220 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:25:34.0142 2220 AudioEndpointBuilder - ok
20:25:34.0149 2220 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:25:34.0152 2220 AudioSrv - ok
20:25:34.0164 2220 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:25:34.0164 2220 avgntflt - ok
20:25:34.0172 2220 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:25:34.0175 2220 avipbb - ok
20:25:34.0188 2220 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:25:34.0189 2220 avkmgr - ok
20:25:34.0217 2220 [ D1A9AE485FFF7C72CA50D8949B2210B9 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
20:25:34.0222 2220 AVM WLAN Connection Service - ok
20:25:34.0234 2220 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
20:25:34.0235 2220 avmeject - ok
20:25:34.0270 2220 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
20:25:34.0278 2220 BFE - ok
20:25:34.0321 2220 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
20:25:34.0339 2220 BITS - ok
20:25:34.0351 2220 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:25:34.0351 2220 blbdrive - ok
20:25:34.0385 2220 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:25:34.0387 2220 bowser - ok
20:25:34.0398 2220 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:25:34.0399 2220 BrFiltLo - ok
20:25:34.0410 2220 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:25:34.0410 2220 BrFiltUp - ok
20:25:34.0434 2220 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
20:25:34.0435 2220 Browser - ok
20:25:34.0447 2220 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
20:25:34.0450 2220 Brserid - ok
20:25:34.0465 2220 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:25:34.0466 2220 BrSerWdm - ok
20:25:34.0479 2220 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:25:34.0480 2220 BrUsbMdm - ok
20:25:34.0494 2220 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:25:34.0495 2220 BrUsbSer - ok
20:25:34.0505 2220 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:25:34.0506 2220 BTHMODEM - ok
20:25:34.0525 2220 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:25:34.0528 2220 cdfs - ok
20:25:34.0566 2220 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:25:34.0568 2220 cdrom - ok
20:25:34.0573 2220 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
20:25:34.0574 2220 CertPropSvc - ok
20:25:34.0582 2220 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
20:25:34.0584 2220 circlass - ok
20:25:34.0614 2220 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
20:25:34.0621 2220 CLFS - ok
20:25:34.0665 2220 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:25:34.0667 2220 clr_optimization_v2.0.50727_32 - ok
20:25:34.0719 2220 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:25:34.0721 2220 clr_optimization_v2.0.50727_64 - ok
20:25:34.0804 2220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:25:34.0807 2220 clr_optimization_v4.0.30319_32 - ok
20:25:34.0837 2220 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:25:34.0840 2220 clr_optimization_v4.0.30319_64 - ok
20:25:34.0848 2220 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:25:34.0849 2220 cmdide - ok
20:25:34.0861 2220 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:25:34.0863 2220 Compbatt - ok
20:25:34.0866 2220 COMSysApp - ok
20:25:34.0884 2220 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:25:34.0884 2220 crcdisk - ok
20:25:34.0912 2220 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:25:34.0916 2220 CryptSvc - ok
20:25:34.0956 2220 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:25:34.0968 2220 DcomLaunch - ok
20:25:34.0979 2220 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:25:34.0981 2220 DfsC - ok
20:25:35.0038 2220 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
20:25:35.0089 2220 DFSR - ok
20:25:35.0125 2220 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:25:35.0128 2220 Dhcp - ok
20:25:35.0152 2220 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
20:25:35.0153 2220 disk - ok
20:25:35.0183 2220 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:25:35.0184 2220 Dnscache - ok
20:25:35.0212 2220 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
20:25:35.0216 2220 dot3svc - ok
20:25:35.0240 2220 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
20:25:35.0243 2220 DPS - ok
20:25:35.0269 2220 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:25:35.0270 2220 drmkaud - ok
20:25:35.0321 2220 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:25:35.0325 2220 dtsoftbus01 - ok
20:25:35.0370 2220 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:25:35.0382 2220 DXGKrnl - ok
20:25:35.0410 2220 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
20:25:35.0414 2220 E1G60 - ok
20:25:35.0427 2220 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
20:25:35.0430 2220 EapHost - ok
20:25:35.0454 2220 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
20:25:35.0455 2220 Ecache - ok
20:25:35.0501 2220 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:25:35.0507 2220 ehRecvr - ok
20:25:35.0512 2220 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
20:25:35.0513 2220 ehSched - ok
20:25:35.0526 2220 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
20:25:35.0528 2220 ehstart - ok
20:25:35.0547 2220 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:25:35.0554 2220 elxstor - ok
20:25:35.0571 2220 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:25:35.0575 2220 EMDMgmt - ok
20:25:35.0584 2220 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:25:35.0585 2220 ErrDev - ok
20:25:35.0617 2220 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
20:25:35.0623 2220 EventSystem - ok
20:25:35.0647 2220 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
20:25:35.0651 2220 exfat - ok
20:25:35.0663 2220 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:25:35.0667 2220 fastfat - ok
20:25:35.0694 2220 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:25:35.0695 2220 fdc - ok
20:25:35.0704 2220 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
20:25:35.0705 2220 fdPHost - ok
20:25:35.0719 2220 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
20:25:35.0720 2220 FDResPub - ok
20:25:35.0731 2220 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:25:35.0733 2220 FileInfo - ok
20:25:35.0746 2220 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:25:35.0746 2220 Filetrace - ok
20:25:35.0831 2220 [ 7E76EED28B8B8696B7F7ED5F757AA304 ] FileZillaServer c:\xampp\FileZillaFTP\FileZillaServer.exe
20:25:35.0844 2220 FileZillaServer - ok
20:25:35.0877 2220 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:25:35.0878 2220 flpydisk - ok
20:25:35.0895 2220 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:25:35.0897 2220 FltMgr - ok
20:25:36.0096 2220 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
20:25:36.0655 2220 FontCache - ok
20:25:36.0698 2220 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:25:36.0699 2220 FontCache3.0.0.0 - ok
20:25:36.0718 2220 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:25:36.0719 2220 Fs_Rec - ok
20:25:36.0755 2220 [ 630CB27253EA63BB0990C40C72BFCFE1 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys
20:25:36.0764 2220 fwlanusbn - ok
20:25:36.0777 2220 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:25:36.0779 2220 gagp30kx - ok
20:25:36.0814 2220 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
20:25:36.0824 2220 gpsvc - ok
20:25:36.0887 2220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:25:36.0888 2220 gupdate - ok
20:25:36.0892 2220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:25:36.0893 2220 gupdatem - ok
20:25:36.0926 2220 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:25:36.0928 2220 hamachi - ok
20:25:36.0982 2220 [ D483DBAEF409E8AB7477C28615FCD853 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:25:37.0028 2220 Hamachi2Svc - ok
20:25:37.0078 2220 [ 49FF998B490B4AEF6C71A669FD10F09B ] hcmon C:\Windows\system32\drivers\hcmon.sys
20:25:37.0079 2220 hcmon - ok
20:25:37.0129 2220 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:25:37.0139 2220 HdAudAddService - ok
20:25:37.0194 2220 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:25:37.0205 2220 HDAudBus - ok
20:25:37.0219 2220 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:25:37.0220 2220 HidBth - ok
20:25:37.0233 2220 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:25:37.0233 2220 HidIr - ok
20:25:37.0245 2220 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
20:25:37.0246 2220 hidserv - ok
20:25:37.0260 2220 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:25:37.0261 2220 HidUsb - ok
20:25:37.0282 2220 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
20:25:37.0285 2220 hkmsvc - ok
20:25:37.0313 2220 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:25:37.0315 2220 HpCISSs - ok
20:25:37.0343 2220 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:25:37.0350 2220 HTTP - ok
20:25:37.0364 2220 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:25:37.0365 2220 i2omp - ok
20:25:37.0376 2220 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:25:37.0377 2220 i8042prt - ok
20:25:37.0388 2220 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:25:37.0393 2220 iaStorV - ok
20:25:37.0441 2220 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:25:37.0455 2220 idsvc - ok
20:25:37.0474 2220 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:25:37.0475 2220 iirsp - ok
20:25:37.0489 2220 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
20:25:37.0497 2220 IKEEXT - ok
20:25:37.0520 2220 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
20:25:37.0521 2220 intelide - ok
20:25:37.0525 2220 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:25:37.0526 2220 intelppm - ok
20:25:37.0540 2220 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:25:37.0543 2220 IPBusEnum - ok
20:25:37.0559 2220 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:25:37.0560 2220 IpFilterDriver - ok
20:25:37.0588 2220 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:25:37.0593 2220 iphlpsvc - ok
20:25:37.0596 2220 IpInIp - ok
20:25:37.0613 2220 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:25:37.0615 2220 IPMIDRV - ok
20:25:37.0619 2220 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:25:37.0621 2220 IPNAT - ok
20:25:37.0625 2220 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:25:37.0625 2220 IRENUM - ok
20:25:37.0644 2220 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:25:37.0645 2220 isapnp - ok
20:25:37.0657 2220 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:25:37.0660 2220 iScsiPrt - ok
20:25:37.0669 2220 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:25:37.0670 2220 iteatapi - ok
20:25:37.0683 2220 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:25:37.0685 2220 iteraid - ok
20:25:37.0700 2220 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:25:37.0702 2220 kbdclass - ok
20:25:37.0705 2220 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:25:37.0706 2220 kbdhid - ok
20:25:37.0747 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
20:25:37.0749 2220 KeyIso - ok
20:25:37.0767 2220 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:25:37.0772 2220 KSecDD - ok
20:25:37.0776 2220 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:25:37.0777 2220 ksthunk - ok
20:25:37.0805 2220 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
20:25:37.0812 2220 KtmRm - ok
20:25:37.0837 2220 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:25:37.0842 2220 LanmanServer - ok
20:25:37.0871 2220 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:25:37.0874 2220 LanmanWorkstation - ok
20:25:37.0898 2220 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:25:37.0899 2220 lirsgt - ok
20:25:37.0914 2220 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:25:37.0916 2220 lltdio - ok
20:25:37.0929 2220 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:25:37.0932 2220 lltdsvc - ok
20:25:37.0947 2220 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:25:37.0949 2220 lmhosts - ok
20:25:37.0964 2220 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:25:37.0965 2220 LSI_FC - ok
20:25:37.0976 2220 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:25:37.0978 2220 LSI_SAS - ok
20:25:37.0992 2220 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:25:37.0994 2220 LSI_SCSI - ok
20:25:38.0011 2220 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
20:25:38.0013 2220 luafv - ok
20:25:38.0038 2220 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:25:38.0040 2220 Mcx2Svc - ok
20:25:38.0058 2220 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
20:25:38.0059 2220 megasas - ok
20:25:38.0078 2220 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:25:38.0085 2220 MegaSR - ok
20:25:38.0097 2220 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
20:25:38.0099 2220 MMCSS - ok
20:25:38.0136 2220 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
20:25:38.0137 2220 Modem - ok
20:25:38.0141 2220 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:25:38.0141 2220 monitor - ok
20:25:38.0159 2220 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:25:38.0160 2220 mouclass - ok
20:25:38.0164 2220 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:25:38.0165 2220 mouhid - ok
20:25:38.0169 2220 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:25:38.0171 2220 MountMgr - ok
20:25:38.0200 2220 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
20:25:38.0202 2220 mpio - ok
20:25:38.0215 2220 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:25:38.0218 2220 mpsdrv - ok
20:25:38.0250 2220 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
20:25:38.0261 2220 MpsSvc - ok
20:25:38.0275 2220 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:25:38.0277 2220 Mraid35x - ok
20:25:38.0295 2220 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:25:38.0297 2220 MRxDAV - ok
20:25:38.0314 2220 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:25:38.0316 2220 mrxsmb - ok
20:25:38.0330 2220 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:25:38.0333 2220 mrxsmb10 - ok
20:25:38.0343 2220 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:25:38.0344 2220 mrxsmb20 - ok
20:25:38.0393 2220 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
20:25:38.0394 2220 msahci - ok
20:25:38.0403 2220 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:25:38.0404 2220 msdsm - ok
20:25:38.0424 2220 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
20:25:38.0426 2220 MSDTC - ok
20:25:38.0446 2220 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:25:38.0447 2220 Msfs - ok
20:25:38.0458 2220 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:25:38.0458 2220 msisadrv - ok
20:25:38.0487 2220 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:25:38.0489 2220 MSiSCSI - ok
20:25:38.0492 2220 msiserver - ok
20:25:38.0511 2220 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:25:38.0512 2220 MSKSSRV - ok
20:25:38.0516 2220 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:25:38.0517 2220 MSPCLOCK - ok
20:25:38.0542 2220 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:25:38.0543 2220 MSPQM - ok
20:25:38.0557 2220 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:25:38.0561 2220 MsRPC - ok
20:25:38.0567 2220 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:25:38.0568 2220 mssmbios - ok
20:25:38.0579 2220 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:25:38.0580 2220 MSTEE - ok
20:25:38.0593 2220 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
20:25:38.0594 2220 Mup - ok
20:25:38.0614 2220 mysql - ok
20:25:38.0639 2220 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
20:25:38.0647 2220 napagent - ok
20:25:38.0668 2220 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:25:38.0669 2220 NativeWifiP - ok
20:25:38.0693 2220 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:25:38.0700 2220 NDIS - ok
20:25:38.0705 2220 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:25:38.0705 2220 NdisTapi - ok
20:25:38.0709 2220 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:25:38.0710 2220 Ndisuio - ok
20:25:38.0723 2220 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:25:38.0726 2220 NdisWan - ok
20:25:38.0735 2220 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:25:38.0736 2220 NDProxy - ok
20:25:38.0740 2220 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:25:38.0741 2220 NetBIOS - ok
20:25:38.0758 2220 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:25:38.0760 2220 netbt - ok
20:25:38.0767 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
20:25:38.0768 2220 Netlogon - ok
20:25:38.0791 2220 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
20:25:38.0797 2220 Netman - ok
20:25:38.0812 2220 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
20:25:38.0819 2220 netprofm - ok
20:25:38.0845 2220 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:25:38.0855 2220 NetTcpPortSharing - ok
20:25:38.0880 2220 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:25:38.0882 2220 nfrd960 - ok
20:25:38.0914 2220 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
20:25:38.0918 2220 NlaSvc - ok
20:25:38.0929 2220 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:25:38.0930 2220 Npfs - ok
20:25:38.0940 2220 npggsvc - ok
20:25:38.0960 2220 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
20:25:38.0962 2220 nsi - ok
20:25:38.0988 2220 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:25:38.0989 2220 nsiproxy - ok
20:25:39.0037 2220 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:25:39.0060 2220 Ntfs - ok
20:25:39.0064 2220 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
20:25:39.0065 2220 Null - ok
20:25:39.0390 2220 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:25:39.0585 2220 nvlddmkm - ok
20:25:39.0605 2220 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:25:39.0607 2220 nvraid - ok
20:25:39.0618 2220 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:25:39.0619 2220 nvstor - ok
20:25:39.0666 2220 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
20:25:39.0681 2220 nvsvc - ok
20:25:39.0736 2220 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:25:39.0755 2220 nvUpdatusService - ok
20:25:39.0766 2220 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:25:39.0768 2220 nv_agp - ok
20:25:39.0771 2220 NwlnkFlt - ok
20:25:39.0775 2220 NwlnkFwd - ok
20:25:39.0789 2220 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:25:39.0791 2220 ohci1394 - ok
20:25:39.0827 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:25:39.0844 2220 p2pimsvc - ok
20:25:39.0859 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
20:25:39.0865 2220 p2psvc - ok
20:25:39.0886 2220 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:25:39.0888 2220 Parport - ok
20:25:39.0909 2220 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:25:39.0910 2220 partmgr - ok
20:25:39.0933 2220 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
20:25:39.0935 2220 PcaSvc - ok
20:25:39.0979 2220 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
20:25:39.0982 2220 pci - ok
20:25:40.0012 2220 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
20:25:40.0012 2220 pciide - ok
20:25:40.0275 2220 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:25:40.0280 2220 pcmcia - ok
20:25:40.0303 2220 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:25:40.0317 2220 PEAUTH - ok
20:25:40.0412 2220 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:25:40.0415 2220 PerfHost - ok
20:25:40.0455 2220 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
20:25:40.0477 2220 pla - ok
20:25:40.0502 2220 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:25:40.0509 2220 PlugPlay - ok
20:25:40.0526 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:25:40.0532 2220 PNRPAutoReg - ok
20:25:40.0544 2220 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:25:40.0550 2220 PNRPsvc - ok
20:25:40.0570 2220 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:25:40.0579 2220 PolicyAgent - ok
20:25:40.0608 2220 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:25:40.0610 2220 PptpMiniport - ok
20:25:40.0620 2220 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:25:40.0621 2220 Processor - ok
20:25:40.0633 2220 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
20:25:40.0637 2220 ProfSvc - ok
20:25:40.0650 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:25:40.0651 2220 ProtectedStorage - ok
20:25:40.0676 2220 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:25:40.0678 2220 PSched - ok
20:25:40.0713 2220 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:25:40.0732 2220 ql2300 - ok
20:25:40.0756 2220 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:25:40.0759 2220 ql40xx - ok
20:25:40.0792 2220 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
20:25:40.0798 2220 QWAVE - ok
20:25:40.0812 2220 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:25:40.0814 2220 QWAVEdrv - ok
20:25:40.0822 2220 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:25:40.0824 2220 RasAcd - ok
20:25:40.0838 2220 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
20:25:40.0842 2220 RasAuto - ok
20:25:40.0853 2220 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:25:40.0855 2220 Rasl2tp - ok
20:25:40.0872 2220 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
20:25:40.0878 2220 RasMan - ok
20:25:40.0896 2220 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:25:40.0897 2220 RasPppoe - ok
20:25:40.0919 2220 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:25:40.0921 2220 RasSstp - ok
20:25:40.0950 2220 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:25:40.0954 2220 rdbss - ok
20:25:40.0995 2220 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:25:40.0995 2220 RDPCDD - ok
20:25:41.0017 2220 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:25:41.0022 2220 rdpdr - ok
20:25:41.0027 2220 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:25:41.0028 2220 RDPENCDD - ok
20:25:41.0076 2220 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:25:41.0081 2220 RDPWD - ok
20:25:41.0104 2220 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:25:41.0105 2220 RemoteAccess - ok
20:25:41.0131 2220 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:25:41.0136 2220 RemoteRegistry - ok
20:25:41.0156 2220 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
20:25:41.0158 2220 RpcLocator - ok
20:25:41.0176 2220 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
20:25:41.0181 2220 RpcSs - ok
20:25:41.0204 2220 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:25:41.0206 2220 rspndr - ok
20:25:41.0237 2220 [ C6701C5F6781D7DED9208A4D554AC37B ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:25:41.0239 2220 RTL8169 - ok
20:25:41.0242 2220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
20:25:41.0244 2220 SamSs - ok
20:25:41.0249 2220 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:25:41.0251 2220 sbp2port - ok
20:25:41.0264 2220 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:25:41.0268 2220 SCardSvr - ok
20:25:41.0301 2220 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
20:25:41.0312 2220 Schedule - ok
20:25:41.0338 2220 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:25:41.0339 2220 SCPolicySvc - ok
20:25:41.0361 2220 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:25:41.0365 2220 SDRSVC - ok
20:25:41.0379 2220 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:25:41.0380 2220 secdrv - ok
20:25:41.0385 2220 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
20:25:41.0387 2220 seclogon - ok
20:25:41.0396 2220 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
20:25:41.0399 2220 SENS - ok
20:25:41.0408 2220 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:25:41.0409 2220 Serenum - ok
20:25:41.0425 2220 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
20:25:41.0426 2220 Serial - ok
20:25:41.0441 2220 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:25:41.0442 2220 sermouse - ok
20:25:41.0459 2220 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
20:25:41.0462 2220 SessionEnv - ok
20:25:41.0470 2220 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:25:41.0471 2220 sffdisk - ok
20:25:41.0484 2220 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:25:41.0485 2220 sffp_mmc - ok
20:25:41.0493 2220 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:25:41.0494 2220 sffp_sd - ok
20:25:41.0504 2220 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:25:41.0505 2220 sfloppy - ok
20:25:41.0520 2220 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:25:41.0527 2220 SharedAccess - ok
20:25:41.0579 2220 [ 66CFDF478939DD6388858DE06F2CE14C ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:25:41.0585 2220 ShellHWDetection - ok
20:25:41.0595 2220 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:25:41.0596 2220 SiSRaid2 - ok
20:25:41.0611 2220 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:25:41.0613 2220 SiSRaid4 - ok
20:25:41.0663 2220 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:25:41.0667 2220 SkypeUpdate - ok
20:25:42.0345 2220 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
20:25:42.0626 2220 slsvc - ok
20:25:42.0650 2220 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:25:42.0653 2220 SLUINotify - ok
20:25:42.0677 2220 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:25:42.0678 2220 Smb - ok
20:25:42.0708 2220 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:25:42.0721 2220 SNMPTRAP - ok
20:25:42.0742 2220 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
20:25:42.0743 2220 spldr - ok
20:25:42.0816 2220 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
20:25:42.0822 2220 Spooler - ok
20:25:42.0852 2220 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
20:25:42.0859 2220 srv - ok
20:25:42.0871 2220 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:25:42.0879 2220 srv2 - ok
20:25:42.0896 2220 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:25:42.0897 2220 srvnet - ok
20:25:42.0929 2220 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
20:25:42.0932 2220 ssadbus - ok
20:25:42.0956 2220 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:25:42.0957 2220 ssadmdfl - ok
20:25:42.0972 2220 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
20:25:42.0973 2220 ssadmdm - ok
20:25:42.0996 2220 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:25:42.0999 2220 sscdbus - ok
20:25:43.0031 2220 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:25:43.0032 2220 sscdmdfl - ok
20:25:43.0056 2220 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:25:43.0057 2220 sscdmdm - ok
20:25:43.0106 2220 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:25:43.0118 2220 SSDPSRV - ok
20:25:43.0152 2220 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:25:43.0155 2220 SstpSvc - ok
20:25:43.0193 2220 Steam Client Service - ok
20:25:43.0275 2220 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:25:43.0287 2220 Stereo Service - ok
20:25:43.0319 2220 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
20:25:43.0329 2220 stisvc - ok
20:25:43.0354 2220 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:25:43.0355 2220 swenum - ok
20:25:43.0420 2220 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
20:25:43.0427 2220 swprv - ok
20:25:43.0435 2220 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:25:43.0437 2220 Symc8xx - ok
20:25:43.0447 2220 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:25:43.0449 2220 Sym_hi - ok
20:25:43.0474 2220 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:25:43.0475 2220 Sym_u3 - ok
20:25:43.0519 2220 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
20:25:43.0546 2220 SysMain - ok
20:25:43.0577 2220 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:25:43.0580 2220 TabletInputService - ok
20:25:43.0609 2220 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:25:43.0615 2220 TapiSrv - ok
20:25:43.0657 2220 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
20:25:43.0659 2220 TBS - ok
20:25:43.0821 2220 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:25:43.0838 2220 Tcpip - ok
20:25:43.0860 2220 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:25:43.0868 2220 Tcpip6 - ok
20:25:43.0921 2220 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:25:43.0930 2220 tcpipreg - ok
20:25:43.0946 2220 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:25:43.0948 2220 TDPIPE - ok
20:25:43.0981 2220 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:25:44.0008 2220 TDTCP - ok
20:25:44.0035 2220 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:25:44.0036 2220 tdx - ok
20:25:44.0136 2220 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:25:44.0186 2220 TeamViewer7 - ok
20:25:44.0205 2220 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:25:44.0206 2220 TermDD - ok
20:25:44.0234 2220 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
20:25:44.0255 2220 TermService - ok
20:25:44.0283 2220 [ 66CFDF478939DD6388858DE06F2CE14C ] Themes C:\Windows\system32\shsvcs.dll
20:25:44.0285 2220 Themes - ok
20:25:44.0301 2220 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
20:25:44.0302 2220 THREADORDER - ok
20:25:44.0335 2220 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
20:25:44.0341 2220 TrkWks - ok
20:25:44.0377 2220 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:25:44.0377 2220 TrustedInstaller - ok
20:25:44.0393 2220 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:25:44.0395 2220 tssecsrv - ok
20:25:44.0405 2220 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:25:44.0405 2220 tunmp - ok
20:25:44.0430 2220 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:25:44.0431 2220 tunnel - ok
20:25:44.0445 2220 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:25:44.0446 2220 uagp35 - ok
20:25:44.0502 2220 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:25:44.0519 2220 udfs - ok
20:25:44.0548 2220 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:25:44.0550 2220 UI0Detect - ok
20:25:44.0561 2220 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:25:44.0564 2220 uliagpkx - ok
20:25:44.0582 2220 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:25:44.0585 2220 uliahci - ok
20:25:44.0599 2220 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:25:44.0603 2220 UlSata - ok
20:25:44.0617 2220 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:25:44.0620 2220 ulsata2 - ok
20:25:44.0636 2220 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:25:44.0637 2220 umbus - ok
20:25:44.0650 2220 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
20:25:44.0657 2220 upnphost - ok
20:25:44.0698 2220 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:25:44.0699 2220 usbaudio - ok
20:25:44.0734 2220 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:25:44.0736 2220 usbccgp - ok
20:25:44.0752 2220 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:25:44.0753 2220 usbcir - ok
20:25:44.0793 2220 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:25:44.0795 2220 usbehci - ok
20:25:44.0811 2220 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:25:44.0814 2220 usbhub - ok
20:25:44.0848 2220 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:25:44.0849 2220 usbohci - ok
20:25:44.0857 2220 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:25:44.0858 2220 usbprint - ok
20:25:44.0904 2220 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:25:44.0905 2220 USBSTOR - ok
20:25:44.0940 2220 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:25:44.0941 2220 usbuhci - ok
20:25:44.0960 2220 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
20:25:44.0972 2220 UxSms - ok
20:25:45.0003 2220 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
20:25:45.0012 2220 vds - ok
20:25:45.0025 2220 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:25:45.0027 2220 vga - ok
20:25:45.0041 2220 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:25:45.0042 2220 VgaSave - ok
20:25:45.0054 2220 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
20:25:45.0055 2220 viaide - ok
20:25:45.0121 2220 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
20:25:45.0134 2220 VMAuthdService - ok
20:25:45.0186 2220 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
20:25:45.0199 2220 vmci - ok
20:25:45.0242 2220 [ AF3FAAE90D4BE41ECB510969A05C1842 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
20:25:45.0244 2220 vmkbd - ok
20:25:45.0268 2220 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
20:25:45.0269 2220 VMnetAdapter - ok
20:25:45.0282 2220 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
20:25:45.0295 2220 VMnetBridge - ok
20:25:45.0299 2220 VMnetDHCP - ok
20:25:45.0320 2220 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
20:25:45.0321 2220 VMnetuserif - ok
20:25:45.0348 2220 [ 6755C5E0A4E7B69563D8B4EA419EBC43 ] VMparport C:\Windows\system32\drivers\VMparport.sys
20:25:45.0349 2220 VMparport - ok
20:25:45.0444 2220 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
20:25:45.0470 2220 VMUSBArbService - ok
20:25:45.0487 2220 VMware NAT Service - ok
20:25:45.0504 2220 [ B95C74CB53894249F43A8302E9AF7E23 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
20:25:45.0504 2220 vmx86 - ok
20:25:45.0544 2220 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:25:45.0545 2220 volmgr - ok
20:25:45.0667 2220 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:25:45.0685 2220 volmgrx - ok
20:25:45.0718 2220 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:25:45.0721 2220 volsnap - ok
20:25:45.0741 2220 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:25:45.0744 2220 vsmraid - ok
20:25:45.0773 2220 [ 1BD504B8678825B40C515BEF5BFB08E7 ] vsock C:\Windows\system32\drivers\vsock.sys
20:25:45.0774 2220 vsock - ok
20:25:45.0812 2220 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
20:25:45.0831 2220 VSS - ok
20:25:45.0854 2220 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
20:25:45.0861 2220 W32Time - ok
20:25:45.0887 2220 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:25:45.0887 2220 WacomPen - ok
20:25:45.0920 2220 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:25:45.0939 2220 Wanarp - ok
20:25:45.0943 2220 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:25:45.0944 2220 Wanarpv6 - ok
20:25:45.0975 2220 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:25:45.0986 2220 wcncsvc - ok
20:25:46.0013 2220 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:25:46.0024 2220 WcsPlugInService - ok
20:25:46.0038 2220 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
20:25:46.0039 2220 Wd - ok
20:25:46.0069 2220 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:25:46.0084 2220 Wdf01000 - ok
20:25:46.0097 2220 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:25:46.0100 2220 WdiServiceHost - ok
20:25:46.0104 2220 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:25:46.0105 2220 WdiSystemHost - ok
20:25:46.0117 2220 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
20:25:46.0123 2220 WebClient - ok
20:25:46.0148 2220 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:25:46.0169 2220 Wecsvc - ok
20:25:46.0186 2220 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:25:46.0189 2220 wercplsupport - ok
20:25:46.0200 2220 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
20:25:46.0203 2220 WerSvc - ok
20:25:46.0215 2220 WinDefend - ok
20:25:46.0220 2220 WinHttpAutoProxySvc - ok
20:25:46.0283 2220 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:25:46.0298 2220 Winmgmt - ok
20:25:46.0347 2220 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
20:25:46.0391 2220 WinRM - ok
20:25:46.0431 2220 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:25:46.0459 2220 Wlansvc - ok
20:25:46.0478 2220 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:25:46.0479 2220 WmiAcpi - ok
20:25:46.0505 2220 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:25:46.0509 2220 wmiApSrv - ok
20:25:46.0523 2220 WMPNetworkSvc - ok
20:25:46.0535 2220 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:25:46.0540 2220 WPCSvc - ok
20:25:46.0582 2220 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:25:46.0603 2220 WPDBusEnum - ok
20:25:46.0652 2220 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:25:46.0664 2220 WpdUsb - ok
20:25:46.0843 2220 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:25:46.0859 2220 WPFFontCache_v0400 - ok
20:25:46.0875 2220 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:25:46.0875 2220 ws2ifsl - ok
20:25:46.0897 2220 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
20:25:46.0899 2220 wscsvc - ok
20:25:46.0903 2220 WSearch - ok
20:25:47.0160 2220 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:25:47.0197 2220 wuauserv - ok
20:25:47.0209 2220 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:47.0211 2220 WUDFRd - ok
20:25:47.0232 2220 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:25:47.0236 2220 wudfsvc - ok
20:25:47.0251 2220 X6va009 - ok
20:25:47.0258 2220 X6va010 - ok
20:25:47.0262 2220 X6va011 - ok
20:25:47.0276 2220 ================ Scan global ===============================
20:25:47.0293 2220 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:25:47.0404 2220 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:25:47.0428 2220 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:25:47.0540 2220 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:25:47.0557 2220 [Global] - ok
20:25:47.0558 2220 ================ Scan MBR ==================================
20:25:47.0566 2220 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:25:49.0773 2220 \Device\Harddisk0\DR0 - ok
20:25:49.0773 2220 ================ Scan VBR ==================================
20:25:49.0796 2220 [ A184F8C36727B01D8E774037D781C0A6 ] \Device\Harddisk0\DR0\Partition1
20:25:49.0799 2220 \Device\Harddisk0\DR0\Partition1 - ok
20:25:49.0822 2220 [ B8C8826FA3A2EF639A1B434270D15070 ] \Device\Harddisk0\DR0\Partition2
20:25:49.0824 2220 \Device\Harddisk0\DR0\Partition2 - ok
20:25:49.0824 2220 ============================================================
20:25:49.0824 2220 Scan finished
20:25:49.0824 2220 ============================================================
20:25:49.0835 1052 Detected object count: 1
20:25:49.0835 1052 Actual detected object count: 1
20:26:03.0502 1052 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:26:03.0502 1052 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:26:51.0704 4720 Deinitialize success

Ich hoffe das ist jetzt alles und hoffe du kannst mir da weiterhelfen
schon mal vielen dank im voraus für deine mühe ;D

M-K-D-B

04.12.2012 16:11

Servus,

du hast mir 3 mal die OTL.txt gepostet, aber es fehlt immer noch die Extras.txt. Diese sollte sich in dem Ordner befinden, in dem du OTL gestartet hast.

Ein kleiner Hinweis noch:
Du solltest die Tools im übrigen vom Desktop aus starten und nicht vom Downloader-Ordner:

Zitat:

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Downloads

Bitte zukünftig darauf achten.

Sobald ich die Extras.txt habe, kanns losgehen. :)

Nirobe

04.12.2012 18:27

Die EXTRA:OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 03.12.2012 16:57:33 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,03% Memory free

8,21 Gb Paging File | 6,66 Gb Available in Paging File | 81,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,42 Gb Free Space | 42,18% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

Drive E: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 21 ED 00 C1 1A 9A CD 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C00E5FE-F986-40AB-86E0-4818A5A791CC}" = lport=137 | protocol=17 | dir=in | app=system | 

"{0C42CBF4-D37B-423F-B7D0-73548591CAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{27836FFE-3E2B-40BA-8B07-824F5668CC05}" = lport=139 | protocol=6 | dir=in | app=system | 

"{4B0FD562-3FC3-4940-9072-5959BDB5B932}" = lport=138 | protocol=17 | dir=in | app=system | 

"{8D63F81D-A5D9-4946-AD3D-7AD7AF1B6902}" = rport=139 | protocol=6 | dir=out | app=system | 

"{9B2D7AFF-3CB8-4749-8887-2A74157ECCB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B186C461-6ED7-450E-AF21-7BE8836E5A73}" = rport=137 | protocol=17 | dir=out | app=system | 

"{BE97D4B3-E61B-4876-BD5E-7E17144B9336}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D9F968A6-5B72-48CB-9DAF-3D16B52000EF}" = rport=138 | protocol=17 | dir=out | app=system | 

"{E5BC9E55-7343-4C4C-9443-571C99B273AC}" = rport=445 | protocol=6 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C1F8059-A442-4EAA-A898-8E1B7184DB73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{136918B9-BD20-4E25-B6B0-B14E97E3D332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{2BC26E15-BE12-4F42-AFE4-320106DCB42E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 

"{361CC462-1DDF-486F-BAFD-20C57936612D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{3CBB30D7-F3A6-4AF2-BA94-BE36E889BE88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{41B1BDF8-590E-461B-8522-8A266DC1D9CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{47DDA791-6F23-4CC3-8818-E19D0AC1442D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{52704BD5-52B7-4D6D-86CB-9B9BC04CFBEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{5399A88D-9864-41F0-BB36-40A4D6A54AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{565D92B6-F108-4200-A048-662A1C805700}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{63425C82-3BC3-435C-815C-2225FF284242}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{6E6BC3F0-9616-45AD-9530-FF7B7349EFC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 

"{6FA8E28E-E3BB-4DCC-A9B9-D12EDE9D0DDE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{72083ACC-FC53-4E37-855C-587FFAAD15A7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{750520CE-63F4-4460-BFFF-1D647FF02565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{75BE7EE3-2C4B-4148-8E0F-72537EF723E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{87ABEF09-058B-40BA-B84B-F55ECD111B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 

"{89F2D9C5-AF1B-4581-951C-C6ED5CA89825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{8B751D7E-FBC0-41F4-A880-986B03211ADB}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{8B772FBB-856B-4B99-9D56-672189090FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{8D27D700-9B13-4F8A-AD29-C05FA259B8F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{8F7712CB-3D96-41FF-A8E9-17C6E4320619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 

"{927227B4-EBE5-4B28-A91A-4C43DCB372AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 

"{9A3989D4-2919-43C5-B03E-F08CC2DDB163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 

"{A2897128-B51D-4882-AB43-7588F138365B}" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 

"{B8D0F588-05CC-4730-BD72-DF72E02C561B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 

"{CA156975-0847-43EC-A1A7-7890AF10639B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{CDA7FCEF-E038-4C8D-8C13-FF5C247FDDE6}" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 

"{D258E189-210B-409A-AEF8-06BC3B918E56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 

"{DB6DF9FB-B12C-4FD4-9007-7DC2FBD59B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{DF542D2D-122A-4D1F-90B1-E249398408F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 

"{E9D884C2-E997-4324-B721-DEDDD3EDDB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{F8A71679-90A7-4778-A6DB-3BDE9EC32330}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 

"TCP Query User{024D2D44-73A8-4ACF-9B7E-891F7DC423BD}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 

"TCP Query User{1ED244D9-4229-4957-9541-D312BBF9564E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 

"TCP Query User{3D536110-EC31-4564-966C-F5966D231613}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

"TCP Query User{7A9888C9-407A-4E38-9A87-D66D73100634}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 

"TCP Query User{7EBB10CB-FFE3-4410-B071-22190E2B96EC}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 

"TCP Query User{80CA4EA4-4ECC-4F56-A501-82C4549ADCDB}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"TCP Query User{8A3D5B66-5BA3-4EEB-9B28-3525592F1CC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{99A9C40A-B453-4394-9FA8-2C04C2250FAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"TCP Query User{C3A75814-7FA0-4108-8409-AB11C0640EBF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"TCP Query User{C4601CC2-1197-43C5-8EAB-EDF9E3B97752}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{344BB24F-A0C6-4157-A464-0AB2FCC2BA47}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 

"UDP Query User{4E699C3C-A433-405B-BE82-B3AF008BCA53}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{60B1AD6F-1E6F-4543-9BB2-83C9A6EDEBC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{6E5CF0FE-FB88-48BC-8D97-EAEA06434F2B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"UDP Query User{795ED364-8348-4F94-ABE2-670086827E80}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 

"UDP Query User{AE66EDA7-4EF5-4921-8446-BA746D306004}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 

"UDP Query User{C974A00B-BA80-4BF3-BE7B-7BC11D68ABAE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{E72B96A9-D1C3-4040-A2B6-270E8DB44241}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{E734B016-1C0B-4F91-B8DD-639F9B6350F8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 

"UDP Query User{EA80E8B1-6398-4E59-8145-4AD371429F1E}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"GIMP-2_is1" = GIMP 2.8.2

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VistaGlazz_is1" = VistaGlazz 2.4

"WinRAR archiver" = WinRAR 4.11 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AC58860-75E1-4622-99B3-694903175A12}" = S4 League_EU

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch

"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6

"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira Free Antivirus

"AVMWLANCLI" = AVM FRITZ!WLAN

"Cheat Engine 6.2_is1" = Cheat Engine 6.2

"DAEMON Tools Lite" = DAEMON Tools Lite

"Fraps" = Fraps

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031

"Google Chrome" = Google Chrome

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Steam App 200210" = Realm of the Mad God

"Steam App 202480" = Creation Kit

"Steam App 22350" = BRINK

"Steam App 41070" = Serious Sam 3: BFE

"Steam App 43110" = Metro 2033

"Steam App 440" = Team Fortress 2

"Steam App 55230" = Saints Row: The Third

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 8190" = Just Cause 2

"TeamViewer 7" = TeamViewer 7

"VLC media player" = VLC media player 2.0.3

"VMware_Player" = VMware Player

"xampp" = XAMPP 1.8.0

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"FileZilla Client" = FileZilla Client 3.6.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 02.12.2012 09:34:58 | Computer Name = Jan-PC | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 02.12.2012 14:02:56 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 02.12.2012 14:02:56 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 02.12.2012 14:03:43 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 02.12.2012 14:03:43 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 02.12.2012 16:48:36 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.12.2012 18:04:12 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.12.2012 01:44:34 | Computer Name = Jan-PC | Source = EventSystem | ID = 4609

Description = 

 

Error - 03.12.2012 01:47:25 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.12.2012 09:02:22 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002

Description = Programm iw3mp.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: a20  Anfangszeit: 01cdd1565a9ed620  Zeitpunkt der Beendigung:

 1

 

Error - 03.12.2012 11:59:17 | Computer Name = Jan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

[ System Events ]

Error - 19.06.2012 11:47:17 | Computer Name = Jan-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 19.06.2012 um 17:46:17 unerwartet heruntergefahren.

 

Error - 19.06.2012 11:47:18 | Computer Name = Jan-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 20.06.2012 00:46:38 | Computer Name = Jan-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 20.06.2012 12:11:58 | Computer Name = Jan-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 20.06.2012 um 18:10:12 unerwartet heruntergefahren.

 

Error - 20.06.2012 12:11:59 | Computer Name = Jan-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 20.06.2012 12:13:38 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 20.06.2012 12:13:38 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 21.06.2012 12:45:33 | Computer Name = Jan-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 21.06.2012 um 17:13:21 unerwartet heruntergefahren.

 

Error - 22.06.2012 08:37:04 | Computer Name = Jan-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 22.06.2012 um 14:35:20 unerwartet heruntergefahren.

 

Error - 22.06.2012 10:08:00 | Computer Name = Jan-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 22.06.2012 um 16:06:54 unerwartet heruntergefahren.

 

 

< End of report >

--- --- ---

Das war in der EXTRA Datei drinn die direkt nach dem beenden des Scanns geöffnet wurde.

M-K-D-B

04.12.2012 19:48

Servus,

na dann kanns ja losgehen. ;)

Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
http://imageshack.us/a/img841/7292/thisisujrt.gif Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen. Drücke eine beliebige Taste, um den Suchlauf zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von ComboFix.

Nirobe

04.12.2012 22:07

Antwort Schritt 2:
# AdwCleaner v2.011 - Datei am 04/12/2012 um 22:02:25 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\Program Files (x86)\Perion
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\Jan\AppData\Local\APN
Gelöscht mit Neustart : C:\Users\Jan\AppData\Local\Smartbar
Gelöscht mit Neustart : C:\Users\Jan\AppData\LocalLow\incredibar.com
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\OpenCandy
Gelöscht mit Neustart : C:\Users\Jan\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4812_1&babsrc=HP_ss&mntrId=e0acb527000000000000001f3f08cbc1 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=be65f917-4ace-43f2-ba7b-63cdd00a692f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5216 octets] - [04/12/2012 22:02:25]

########## EOF - C:\AdwCleaner[S1].txt - [5276 octets] ##########

Schritt 3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.8.1 (12.04.2012:2)
OS: Windows (TM) Vista Home Premium x64
Ran by Jan on 04.12.2012 at 22:26:12,12
Blog: Malware Analysis and Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-870192084-3636044139-2260596-1000\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-870192084-3636044139-2260596-1000\software\web assistant"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jan\AppData\Roaming\dvdvideosoftiehelpers"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2012 at 22:29:33,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 4:Combofix Logfile:

Code:

ComboFix 12-12-04.01 - Jan 04.12.2012  22:49:09.1.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2651 [GMT 1:00]

ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Java\jre7\bin\ssv.dll

c:\windows\SysWow64\muzapp.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-04 bis 2012-12-04  ))))))))))))))))))))))))))))))

.

.

2012-12-04 21:58 . 2012-12-04 22:07        --------        d-----w-        c:\users\Jan\AppData\Local\temp

2012-12-04 21:43 . 2012-12-04 21:43        --------        d-----w-        c:\users\Jan\AppData\Roaming\Avira

2012-12-04 21:39 . 2012-12-04 21:40        --------        d-----w-        c:\program files (x86)\Ask.com

2012-12-04 21:39 . 2012-12-04 21:39        --------        d-----w-        C:\Firefox

2012-12-04 21:39 . 2012-12-04 21:39        --------        d-----w-        c:\users\Jan\AppData\Local\APN

2012-12-04 21:39 . 2012-11-16 19:17        98888        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-12-04 21:39 . 2012-11-16 19:17        27800        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-12-04 21:39 . 2012-11-16 19:17        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-12-04 21:39 . 2012-12-04 21:40        --------        d-----w-        c:\programdata\Avira

2012-12-04 21:39 . 2012-12-04 21:39        --------        d-----w-        c:\program files (x86)\Avira

2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        c:\windows\ERUNT

2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        C:\JRT

2012-12-04 18:54 . 2012-12-04 18:54        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-12-04 18:54 . 2012-12-04 18:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-04 18:53 . 2012-12-04 18:53        --------        d-----w-        c:\program files (x86)\Java

2012-12-04 17:30 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C421986F-EC7C-49D3-AAFA-22A2613930B8}\mpengine.dll

2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\DVDVideoSoft

2012-12-02 13:31 . 2012-12-02 14:39        --------        d-----w-        c:\program files (x86)\Google

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\users\Jan\AppData\Roaming\Malwarebytes

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-02 09:01 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\users\Jan\AppData\Roaming\TuneUp Software

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\programdata\TuneUp Software

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-12-02 02:53 . 2012-12-02 02:53        --------        d--h--w-        c:\programdata\Common Files

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\searchplugins

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\Extensions

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\program files\CodeGazer

2012-12-02 02:08 . 2012-12-02 02:17        --------        d-----w-        c:\users\Jan\AppData\Roaming\EvJOWallpaper

2012-12-02 02:08 . 2012-12-02 02:08        --------        d-----w-        c:\program files (x86)\EvJOSoft

2012-12-02 02:04 . 2012-12-02 02:04        --------        d-----w-        c:\windows\Downloaded Installations

2012-12-02 01:58 . 2012-12-02 01:58        2560        ----a-w-        c:\windows\_MSRSTRT.EXE

2012-12-01 23:20 . 2003-05-14 20:07        389120        ------w-        c:\windows\SysWow64\actskn43.ocx

2012-12-01 23:19 . 2012-12-02 01:58        --------        d-----w-        c:\program files (x86)\Wallpaper Juggler

2012-12-01 23:19 . 2001-03-13 13:49        140288        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX

2012-12-01 23:19 . 1998-04-23 23:00        368912        ----a-w-        c:\windows\SysWow64\vbar332.dll

2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\fontconfig

2012-11-28 19:04 . 2012-12-02 21:47        --------        d-----w-        c:\users\Jan\.gimp-2.8

2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\gegl-0.2

2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\programdata\AVS4YOU

2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\users\Jan\AppData\Roaming\AVS4YOU

2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\Common Files\AVSMedia

2012-11-26 20:26 . 2010-07-08 11:25        1700352        ----a-w-        c:\windows\SysWow64\GdiPlus.dll

2012-11-26 20:26 . 2010-07-08 11:25        24576        ----a-w-        c:\windows\SysWow64\msxml3a.dll

2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\AVS4YOU

2012-11-16 14:26 . 2012-09-25 16:31        91648        ----a-w-        c:\windows\system32\synceng.dll

2012-11-16 14:26 . 2012-09-25 16:19        75776        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-16 14:23 . 2012-10-12 14:53        2769920        ----a-w-        c:\windows\system32\win32k.sys

2012-11-09 13:59 . 2012-11-09 13:59        --------        d-----w-        c:\programdata\Tages

2012-11-07 16:22 . 2012-12-02 08:41        --------        d-----w-        c:\users\Jan\AppData\Roaming\FileZilla

2012-11-07 16:22 . 2012-11-17 16:46        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-04 18:53 . 2012-05-12 15:40        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-12-04 18:53 . 2012-05-12 15:40        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-12-02 02:53 . 2012-05-17 13:21        688640        ----a-w-        c:\windows\system32\themeui.dll

2012-12-02 02:53 . 2012-05-13 11:33        302080        ----a-w-        c:\windows\system32\shsvcs.dll

2012-12-02 02:53 . 2008-01-21 02:50        317440        ----a-w-        c:\windows\system32\uxtheme.dll

2012-11-16 20:30 . 2006-11-02 12:35        66395536        ----a-w-        c:\windows\system32\mrt.exe

2012-10-10 19:23 . 2012-10-10 19:23        1867112        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23        18252136        ----a-w-        c:\windows\system32\nvd3dumx.dll

2012-10-10 19:23 . 2012-10-10 19:23        1482600        ----a-w-        c:\windows\system32\nvdispgenco64.dll

2012-10-10 19:23 . 2012-10-10 19:23        6127464        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23        2574696        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2012-10-10 19:23 . 2012-10-10 19:23        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll

2012-10-10 19:23 . 2012-10-10 19:23        7414632        ----a-w-        c:\windows\system32\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23        2731880        ----a-w-        c:\windows\system32\nvapi64.dll

2012-10-10 19:23 . 2012-10-10 19:23        14922600        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2012-10-10 19:23 . 2012-10-10 19:23        9146728        ----a-w-        c:\windows\system32\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23        7697768        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23        2218344        ----a-w-        c:\windows\system32\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23        12501352        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22 . 2012-10-10 19:22        2428776        ----a-w-        c:\windows\SysWow64\nvapi.dll

2012-10-10 19:22 . 2012-10-10 19:22        26331496        ----a-w-        c:\windows\system32\nvoglv64.dll

2012-10-10 19:22 . 2012-02-09 20:43        1760104        ----a-w-        c:\windows\system32\nvdispco64.dll

2012-10-10 19:22 . 2012-02-09 20:43        15309160        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2012-10-10 19:22 . 2012-10-10 19:22        2747240        ----a-w-        c:\windows\system32\nvcuvid.dll

2012-10-10 19:22 . 2012-10-10 19:22        19906920        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2012-10-10 19:22 . 2012-10-10 19:22        13443944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2012-10-10 19:22 . 2012-10-10 19:22        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2012-10-09 15:14 . 2012-10-09 15:14        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2012-10-08 17:52 . 2012-10-08 17:52        314016        ----a-w-        c:\windows\system32\drivers\atksgt.sys

2012-10-08 17:52 . 2012-10-08 17:52        43680        ----a-w-        c:\windows\system32\drivers\lirsgt.sys

2012-10-02 19:51 . 2012-10-18 12:52        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-10-18 12:52        6200680        ----a-w-        c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-10-18 12:52        891240        ----a-w-        c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-10-18 12:52        63336        ----a-w-        c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-10-18 12:52        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2012-10-18 12:52        118120        ----a-w-        c:\windows\system32\nvmctray.dll

2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2012-09-28 01:10 . 2012-09-28 01:10        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2012-09-28 01:10 . 2012-09-28 01:10        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2012-09-28 01:10 . 2012-09-28 01:10        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2012-09-28 01:10 . 2012-09-28 01:10        367104        ----a-w-        c:\windows\SysWow64\html.iec

2012-09-28 01:10 . 2012-09-28 01:10        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2012-09-28 01:10 . 2012-09-28 01:10        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2012-09-28 01:10 . 2012-09-28 01:10        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2012-09-28 01:10 . 2012-09-28 01:10        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2012-09-28 01:10 . 2012-09-28 01:10        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2012-09-28 01:10 . 2012-09-28 01:10        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

2012-09-28 01:10 . 2012-09-28 01:10        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2012-09-28 01:10 . 2012-09-28 01:10        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll

2012-09-28 01:10 . 2012-09-28 01:10        49664        ----a-w-        c:\windows\system32\imgutil.dll

2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2012-09-28 01:10 . 2012-09-28 01:10        267776        ----a-w-        c:\windows\system32\ieaksie.dll

2012-09-28 01:10 . 2012-09-28 01:10        222208        ----a-w-        c:\windows\system32\msls31.dll

2012-09-28 01:10 . 2012-09-28 01:10        197120        ----a-w-        c:\windows\system32\msrating.dll

2012-09-28 01:10 . 2012-09-28 01:10        163840        ----a-w-        c:\windows\system32\ieakui.dll

2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\ieakeng.dll

2012-09-28 01:10 . 2012-09-28 01:10        145920        ----a-w-        c:\windows\system32\iepeers.dll

2012-09-28 01:10 . 2012-09-28 01:10        136192        ----a-w-        c:\windows\system32\advpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        12288        ----a-w-        c:\windows\system32\mshta.exe

2012-09-28 01:10 . 2012-09-28 01:10        114176        ----a-w-        c:\windows\system32\admparse.dll

2012-09-28 01:10 . 2012-09-28 01:10        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2012-09-28 01:10 . 2012-09-28 01:10        10752        ----a-w-        c:\windows\system32\msfeedssync.exe

2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\ie4uinit.exe

2012-09-28 01:10 . 2012-09-28 01:10        85504        ----a-w-        c:\windows\system32\iesetup.dll

2012-09-28 01:10 . 2012-09-28 01:10        82432        ----a-w-        c:\windows\system32\icardie.dll

2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\system32\tdc.ocx

2012-09-28 01:10 . 2012-09-28 01:10        534528        ----a-w-        c:\windows\system32\ieapfltr.dll

2012-09-28 01:10 . 2012-09-28 01:10        452608        ----a-w-        c:\windows\system32\dxtmsft.dll

2012-09-28 01:10 . 2012-09-28 01:10        448512        ----a-w-        c:\windows\system32\html.iec

2012-09-28 01:10 . 2012-09-28 01:10        403248        ----a-w-        c:\windows\system32\iedkcs32.dll

2012-09-28 01:10 . 2012-09-28 01:10        39936        ----a-w-        c:\windows\system32\iernonce.dll

2012-09-28 01:10 . 2012-09-28 01:10        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat

2012-09-28 01:10 . 2012-09-28 01:10        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2012-09-28 01:10 . 2012-09-28 01:10        282112        ----a-w-        c:\windows\system32\dxtrans.dll

2012-09-28 01:10 . 2012-09-28 01:10        249344        ----a-w-        c:\windows\system32\webcheck.dll

2012-09-28 01:10 . 2012-09-28 01:10        165888        ----a-w-        c:\windows\system32\iexpress.exe

2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\wextract.exe

2012-09-28 01:10 . 2012-09-28 01:10        103936        ----a-w-        c:\windows\system32\inseng.dll

2012-09-28 01:10 . 2012-09-28 01:10        65024        ----a-w-        c:\windows\system32\pngfilt.dll

2012-09-28 01:10 . 2012-09-28 01:10        149504        ----a-w-        c:\windows\system32\occache.dll

2012-09-26 18:57 . 2012-10-07 09:24        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll

2012-09-26 18:57 . 2012-09-26 18:57        90112        ----a-w-        c:\windows\MAMCityDownload.ocx

2012-09-26 18:57 . 2012-09-26 18:57        330240        ----a-w-        c:\windows\MASetupCaller.dll

2012-09-26 18:57 . 2012-09-26 18:57        30568        ----a-w-        c:\windows\MusiccityDownload.exe

2012-09-26 18:57 . 2012-10-07 09:23        319456        ----a-w-        c:\windows\SysWow64\DIFxAPI.dll

2012-09-26 18:57 . 2012-09-26 18:57        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll

2012-09-26 18:57 . 2012-09-26 18:57        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax

2012-09-26 18:57 . 2012-09-26 18:57        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-10 . 9235EC680D3DB17464B39C7C7DECB4DD . 301568 . . [6.0.6001.18287] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_28ff7f1fd585934f\shsvcs.dll

[7] 2009-07-10 . 3F6101365E6319171054ADD75788516C . 300032 . . [6.0.6000.21081] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_279cb3aaf1823d60\shsvcs.dll

[7] 2009-07-10 . C2409C9B7C7E422E7680AE4E1738BFC8 . 302080 . . [6.0.6001.22467] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_299ebda8ee92f85e\shsvcs.dll

[7] 2009-07-10 . F33C4D0B9EEFCDE346F8753DC4D6867F . 299520 . . [6.0.6000.16883] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_27153f51d8629d02\shsvcs.dll

[7] 2009-07-10 . 00DD742B99B278429714DEE859A73DD0 . 302080 . . [6.0.6002.22169] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll

[7] 2009-07-10 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6002.18063] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_2af7919dd29f485c\shsvcs.dll

[7] 2009-04-11 . 2AD15758174DCC7993FF3C00A955DD66 . 301568 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_2b3a71b9d26cd364\shsvcs.dll

[7] 2008-01-21 . EB3114330236CF030E8EDF62881BAF67 . 301568 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_294ef8add54b0818\shsvcs.dll

[-] 2012-12-02 . 66CFDF478939DD6388858DE06F2CE14C . 302080 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-10-29 16:33        1521872        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]

"Akamai NetSession Interface"="c:\users\Jan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\Software\SecuROM\License information*]

"datasecu"=hex:f4,5b,27,40,9b,f1,90,b3,fd,37,90,8d,e4,66,29,ee,35,44,05,5e,32,

   49,e2,cc,61,68,84,d5,44,11,1d,3e,37,f6,6d,bb,f8,34,66,c1,5e,b4,42,06,7e,a3,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\avmwlanstick\WlanNetService.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-12-04  23:12:00 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-12-04 22:11

.

Vor Suchlauf: 13 Verzeichnis(se), 315.932.594.176 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 315.981.926.400 Bytes frei

.

- - End Of File - - E65B527457CA10320B1FE19B5C4E09C0

--- --- ---

Ich hab jetzt ein Problem!!!!! nach dem letzten Scan funktioniert mein Fritz W-Lan stick nicht mehr auserdem brauch ich knapp 2 minuten zum hochfahren auserdem klappt steam auch nicht mehr -.- kanst du mir da helfen??

M-K-D-B

05.12.2012 17:49

Servus,

Zitat:

Zitat von Nirobe (Beitrag 968264)

Ich hab jetzt ein Problem!!!!! nach dem letzten Scan funktioniert mein Fritz W-Lan stick nicht mehr auserdem brauch ich knapp 2 minuten zum hochfahren auserdem klappt steam auch nicht mehr -.- kanst du mir da helfen??

Du bist der erste, der mir solche Probleme schildert. Mal schaun, was wir da tun können. Bevor es weitergeht, hätte ich da zwei Fragen:

Wieso hast du die Ask-Toolbar installiert?

Zitat:

2012-12-04 21:39 . 2012-12-04 21:40 -------- d-----w- c:\program files (x86)\Ask.com

Hast du noch Probleme mit MyStart Incredibar?
Wenn ja, in welchem Browser?

Nirobe

05.12.2012 18:00

Die ASK-Toolbar hab ich wohl Aus versehen bei Avira Free Antivir mitinstalliert. Ob das Problem mit der Mystart Incredibar weg ist weis ich nicht da wie schon erwähnt mein Internet nicht mehr klappt.

M-K-D-B

05.12.2012 19:34

Servus,

Schritt 1

Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Ask Toolbar
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.

Schritt 2
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

FCopy:: c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll | c:\windows\system32\shsvcs.dll

Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Kannst du nun wieder ins Internet?

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Beantwortung der gestellten Frage.

Nirobe

05.12.2012 21:49

Logdatei CombiFix:Combofix Logfile:

Code:

ComboFix 12-12-04.01 - Jan 05.12.2012  21:01:03.3.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2873 [GMT 1:00]

ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Jan\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll --> c:\windows\system32\shsvcs.dll

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-05 bis 2012-12-05  ))))))))))))))))))))))))))))))

.

.

2012-12-05 20:08 . 2012-12-05 20:17        --------        d-----w-        c:\users\Jan\AppData\Local\temp

2012-12-05 20:08 . 2012-12-05 20:08        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-12-05 20:08 . 2012-12-05 20:08        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-05 15:43 . 2012-12-05 15:43        --------        d-----w-        c:\program files (x86)\avmwlanstick

2012-12-05 15:35 . 2009-03-20 00:03        480560        ------w-        c:\windows\instwcli.dex

2012-12-04 21:39 . 2012-12-04 21:39        --------        d-----w-        c:\users\Jan\AppData\Local\APN

2012-12-04 21:39 . 2012-12-04 22:27        --------        d-----w-        c:\programdata\Avira

2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        c:\windows\ERUNT

2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        C:\JRT

2012-12-04 18:54 . 2012-12-04 18:54        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-12-04 18:54 . 2012-12-04 18:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-04 18:53 . 2012-12-04 18:53        --------        d-----w-        c:\program files (x86)\Java

2012-12-04 17:30 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C421986F-EC7C-49D3-AAFA-22A2613930B8}\mpengine.dll

2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\DVDVideoSoft

2012-12-02 13:31 . 2012-12-02 14:39        --------        d-----w-        c:\program files (x86)\Google

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\users\Jan\AppData\Roaming\Malwarebytes

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-02 09:01 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\users\Jan\AppData\Roaming\TuneUp Software

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\programdata\TuneUp Software

2012-12-02 02:53 . 2012-12-02 02:53        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-12-02 02:53 . 2012-12-02 02:53        --------        d--h--w-        c:\programdata\Common Files

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\searchplugins

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\Extensions

2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\program files\CodeGazer

2012-12-02 02:08 . 2012-12-02 02:17        --------        d-----w-        c:\users\Jan\AppData\Roaming\EvJOWallpaper

2012-12-02 02:08 . 2012-12-02 02:08        --------        d-----w-        c:\program files (x86)\EvJOSoft

2012-12-02 02:04 . 2012-12-02 02:04        --------        d-----w-        c:\windows\Downloaded Installations

2012-12-02 01:58 . 2012-12-02 01:58        2560        ----a-w-        c:\windows\_MSRSTRT.EXE

2012-12-01 23:20 . 2003-05-14 20:07        389120        ------w-        c:\windows\SysWow64\actskn43.ocx

2012-12-01 23:19 . 2012-12-02 01:58        --------        d-----w-        c:\program files (x86)\Wallpaper Juggler

2012-12-01 23:19 . 2001-03-13 13:49        140288        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX

2012-12-01 23:19 . 1998-04-23 23:00        368912        ----a-w-        c:\windows\SysWow64\vbar332.dll

2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\fontconfig

2012-11-28 19:04 . 2012-12-02 21:47        --------        d-----w-        c:\users\Jan\.gimp-2.8

2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\gegl-0.2

2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\programdata\AVS4YOU

2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\users\Jan\AppData\Roaming\AVS4YOU

2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\Common Files\AVSMedia

2012-11-26 20:26 . 2010-07-08 11:25        1700352        ----a-w-        c:\windows\SysWow64\GdiPlus.dll

2012-11-26 20:26 . 2010-07-08 11:25        24576        ----a-w-        c:\windows\SysWow64\msxml3a.dll

2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\AVS4YOU

2012-11-16 14:26 . 2012-09-25 16:31        91648        ----a-w-        c:\windows\system32\synceng.dll

2012-11-16 14:26 . 2012-09-25 16:19        75776        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-16 14:23 . 2012-10-12 14:53        2769920        ----a-w-        c:\windows\system32\win32k.sys

2012-11-09 13:59 . 2012-11-09 13:59        --------        d-----w-        c:\programdata\Tages

2012-11-07 16:22 . 2012-12-02 08:41        --------        d-----w-        c:\users\Jan\AppData\Roaming\FileZilla

2012-11-07 16:22 . 2012-11-17 16:46        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-04 18:53 . 2012-05-12 15:40        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-12-04 18:53 . 2012-05-12 15:40        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-12-02 02:53 . 2012-05-17 13:21        688640        ----a-w-        c:\windows\system32\themeui.dll

2012-12-02 02:53 . 2008-01-21 02:50        317440        ----a-w-        c:\windows\system32\uxtheme.dll

2012-11-16 20:30 . 2006-11-02 12:35        66395536        ----a-w-        c:\windows\system32\mrt.exe

2012-10-10 19:23 . 2012-10-10 19:23        1867112        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23        18252136        ----a-w-        c:\windows\system32\nvd3dumx.dll

2012-10-10 19:23 . 2012-10-10 19:23        1482600        ----a-w-        c:\windows\system32\nvdispgenco64.dll

2012-10-10 19:23 . 2012-10-10 19:23        6127464        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23        2574696        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2012-10-10 19:23 . 2012-10-10 19:23        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll

2012-10-10 19:23 . 2012-10-10 19:23        7414632        ----a-w-        c:\windows\system32\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23        2731880        ----a-w-        c:\windows\system32\nvapi64.dll

2012-10-10 19:23 . 2012-10-10 19:23        14922600        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2012-10-10 19:23 . 2012-10-10 19:23        9146728        ----a-w-        c:\windows\system32\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23        7697768        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23        2218344        ----a-w-        c:\windows\system32\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23        12501352        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22 . 2012-10-10 19:22        2428776        ----a-w-        c:\windows\SysWow64\nvapi.dll

2012-10-10 19:22 . 2012-10-10 19:22        26331496        ----a-w-        c:\windows\system32\nvoglv64.dll

2012-10-10 19:22 . 2012-02-09 20:43        1760104        ----a-w-        c:\windows\system32\nvdispco64.dll

2012-10-10 19:22 . 2012-02-09 20:43        15309160        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2012-10-10 19:22 . 2012-10-10 19:22        2747240        ----a-w-        c:\windows\system32\nvcuvid.dll

2012-10-10 19:22 . 2012-10-10 19:22        19906920        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2012-10-10 19:22 . 2012-10-10 19:22        13443944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2012-10-10 19:22 . 2012-10-10 19:22        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2012-10-09 15:14 . 2012-10-09 15:14        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2012-10-08 17:52 . 2012-10-08 17:52        314016        ----a-w-        c:\windows\system32\drivers\atksgt.sys

2012-10-08 17:52 . 2012-10-08 17:52        43680        ----a-w-        c:\windows\system32\drivers\lirsgt.sys

2012-10-02 19:51 . 2012-10-18 12:52        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-10-18 12:52        6200680        ----a-w-        c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-10-18 12:52        891240        ----a-w-        c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-10-18 12:52        63336        ----a-w-        c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-10-18 12:52        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2012-10-18 12:52        118120        ----a-w-        c:\windows\system32\nvmctray.dll

2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2012-09-28 01:10 . 2012-09-28 01:10        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2012-09-28 01:10 . 2012-09-28 01:10        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2012-09-28 01:10 . 2012-09-28 01:10        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2012-09-28 01:10 . 2012-09-28 01:10        367104        ----a-w-        c:\windows\SysWow64\html.iec

2012-09-28 01:10 . 2012-09-28 01:10        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2012-09-28 01:10 . 2012-09-28 01:10        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2012-09-28 01:10 . 2012-09-28 01:10        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2012-09-28 01:10 . 2012-09-28 01:10        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2012-09-28 01:10 . 2012-09-28 01:10        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2012-09-28 01:10 . 2012-09-28 01:10        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

2012-09-28 01:10 . 2012-09-28 01:10        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2012-09-28 01:10 . 2012-09-28 01:10        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll

2012-09-28 01:10 . 2012-09-28 01:10        49664        ----a-w-        c:\windows\system32\imgutil.dll

2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2012-09-28 01:10 . 2012-09-28 01:10        267776        ----a-w-        c:\windows\system32\ieaksie.dll

2012-09-28 01:10 . 2012-09-28 01:10        222208        ----a-w-        c:\windows\system32\msls31.dll

2012-09-28 01:10 . 2012-09-28 01:10        197120        ----a-w-        c:\windows\system32\msrating.dll

2012-09-28 01:10 . 2012-09-28 01:10        163840        ----a-w-        c:\windows\system32\ieakui.dll

2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\ieakeng.dll

2012-09-28 01:10 . 2012-09-28 01:10        145920        ----a-w-        c:\windows\system32\iepeers.dll

2012-09-28 01:10 . 2012-09-28 01:10        136192        ----a-w-        c:\windows\system32\advpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2012-09-28 01:10 . 2012-09-28 01:10        12288        ----a-w-        c:\windows\system32\mshta.exe

2012-09-28 01:10 . 2012-09-28 01:10        114176        ----a-w-        c:\windows\system32\admparse.dll

2012-09-28 01:10 . 2012-09-28 01:10        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2012-09-28 01:10 . 2012-09-28 01:10        10752        ----a-w-        c:\windows\system32\msfeedssync.exe

2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\ie4uinit.exe

2012-09-28 01:10 . 2012-09-28 01:10        85504        ----a-w-        c:\windows\system32\iesetup.dll

2012-09-28 01:10 . 2012-09-28 01:10        82432        ----a-w-        c:\windows\system32\icardie.dll

2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\system32\tdc.ocx

2012-09-28 01:10 . 2012-09-28 01:10        534528        ----a-w-        c:\windows\system32\ieapfltr.dll

2012-09-28 01:10 . 2012-09-28 01:10        452608        ----a-w-        c:\windows\system32\dxtmsft.dll

2012-09-28 01:10 . 2012-09-28 01:10        448512        ----a-w-        c:\windows\system32\html.iec

2012-09-28 01:10 . 2012-09-28 01:10        403248        ----a-w-        c:\windows\system32\iedkcs32.dll

2012-09-28 01:10 . 2012-09-28 01:10        39936        ----a-w-        c:\windows\system32\iernonce.dll

2012-09-28 01:10 . 2012-09-28 01:10        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat

2012-09-28 01:10 . 2012-09-28 01:10        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2012-09-28 01:10 . 2012-09-28 01:10        282112        ----a-w-        c:\windows\system32\dxtrans.dll

2012-09-28 01:10 . 2012-09-28 01:10        249344        ----a-w-        c:\windows\system32\webcheck.dll

2012-09-28 01:10 . 2012-09-28 01:10        165888        ----a-w-        c:\windows\system32\iexpress.exe

2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\wextract.exe

2012-09-28 01:10 . 2012-09-28 01:10        103936        ----a-w-        c:\windows\system32\inseng.dll

2012-09-28 01:10 . 2012-09-28 01:10        65024        ----a-w-        c:\windows\system32\pngfilt.dll

2012-09-28 01:10 . 2012-09-28 01:10        149504        ----a-w-        c:\windows\system32\occache.dll

2012-09-26 18:57 . 2012-10-07 09:24        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll

2012-09-26 18:57 . 2012-09-26 18:57        90112        ----a-w-        c:\windows\MAMCityDownload.ocx

2012-09-26 18:57 . 2012-09-26 18:57        330240        ----a-w-        c:\windows\MASetupCaller.dll

2012-09-26 18:57 . 2012-09-26 18:57        30568        ----a-w-        c:\windows\MusiccityDownload.exe

2012-09-26 18:57 . 2012-10-07 09:23        319456        ----a-w-        c:\windows\SysWow64\DIFxAPI.dll

2012-09-26 18:57 . 2012-09-26 18:57        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll

2012-09-26 18:57 . 2012-09-26 18:57        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll

2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll

2012-09-26 18:57 . 2012-09-26 18:57        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax

2012-09-26 18:57 . 2012-09-26 18:57        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll

2012-09-26 18:57 . 2012-09-26 18:57        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]

"Akamai NetSession Interface"="c:\users\Jan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-04-23 1904640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\Software\SecuROM\License information*]

"datasecu"=hex:f4,5b,27,40,9b,f1,90,b3,fd,37,90,8d,e4,66,29,ee,35,44,05,5e,32,

   49,e2,cc,61,68,84,d5,44,11,1d,3e,37,f6,6d,bb,f8,34,66,c1,5e,b4,42,06,7e,a3,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\avmwlanstick\WlanNetService.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-12-05  21:20:02 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-12-05 20:20

ComboFix2.txt  2012-12-05 19:27

ComboFix3.txt  2012-12-04 22:12

.

Vor Suchlauf: 14 Verzeichnis(se), 314.587.115.520 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 314.422.857.728 Bytes frei

.

- - End Of File - - 0F4595E55AA982A81BADA0C4EFEBF302

--- --- ---

Wegen dem Internet es geht immer noch nicht da steht"Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden" hab leider keine Ahnung was das bedeutet vielleicht kannst du damit ja was anfangen.

M-K-D-B

06.12.2012 19:14

Servus,

Führe den folgenden OTL-Fix aus und berichte, ob du nun wieder Internetzugriff hast.

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:files

netsh winsock reset /C
 

:Commands

[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Nirobe

06.12.2012 19:56

Was meinst du mit unkenntlich gemachten stellen??

M-K-D-B

06.12.2012 20:27

Servus,

damit meine ich Benutzernamen, an die gerne mal durch ***** ersetzt werden.

Das betrifft dich aber nicht. ;)

Nirobe

06.12.2012 20:39

========== FILES ==========
< netsh winsock reset /C >
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12062012_202959

M-K-D-B

06.12.2012 20:40

Servus,

wie sieht es mit dem Internet aus?

Nirobe

06.12.2012 20:40

Das Internet geht immer noch nicht allerdings Steam klappt im offline Modus wieder

hast du irdentwie ein Chat wo wir schreiben können? Hab grade den Laptop von meinem Bruder da.

M-K-D-B

06.12.2012 20:51

Servus,

Schritt 1
Drücke Start.
Gib in den Suchleiste CMD ein.
Bei den Ergebnissen rechtsklick auf die cmd.exe -> Als Administrator starten
Gib im Fenster folgendes ein: netsh winsock reset
Bestätige mit Enter.
Starte deinen Rechner im Abschluss neu auf.

Schritt 2
Downloade dir bitte Farbar's Service Scanner auf deinen Desktop.

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Bitte poste mit deiner nächsten Antwort

eine Rückmeldung, ob du wieder ins Internet kommst,
die Logdatei von FSS.

Nirobe

06.12.2012 21:29

JUHUUU Internet geht Wieder ;D Dafür Schonmal VIEELEN Danke

Hier die Datei:

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-09-25 15:42] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-25 15:45] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2012-05-13 11:38] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2012-05-17 14:21] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2012-05-17 14:22] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2012-05-17 14:21] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 21:26] - [2012-06-02 01:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

P.s. Die Mystart Incredibar ist auch weg ;D

Noch eine frage Wie kann ich (bei Vista ) Die Fensterfarbe und Darstellung "Editieren" bzw neue hinzufügen da der alte Vista style nicht mehr geht nun muss ich mit dem Standard Windows aussehen klar kommen was mir aber auf dauer so nicht gefällt kann ich da irgend was machen das das wieder geht?

M-K-D-B

07.12.2012 17:45

Servus,

Zitat:

Zitat von Nirobe (Beitrag 969339)

JUHUUU Internet geht Wieder ;D Dafür Schonmal VIEELEN Danke

P.s. Die Mystart Incredibar ist auch weg ;D

Sehr gut! :daumenhoc

Zitat:

Zitat von Nirobe (Beitrag 969339)

Noch eine frage Wie kann ich (bei Vista ) Die Fensterfarbe und Darstellung "Editieren" bzw neue hinzufügen da der alte Vista style nicht mehr geht nun muss ich mit dem Standard Windows aussehen klar kommen was mir aber auf dauer so nicht gefällt kann ich da irgend was machen das das wieder geht?

Rechtsklick auf den Desktop > Anpassen
Dort solltest du diverse Einstellungen zur Darstellung finden. :)

Es gibt noch was zu tun, also halten wir uns ran. ;)

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]

"Start"=dword:00000002
 

:Commands

[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Starte das Tool FSS mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Windows Defender
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Schritt 3
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei des OTL-Fix,
die Logdatei von FSS,
die beiden Logdateien von OTL.

Nirobe

07.12.2012 18:29

Schritt 1:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\\"Start"|dword:00000002 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12072012_182301

Schritt2:
Farbar Service Scanner Version: 04-12-2012
Ran by Jan (administrator) on 07-12-2012 at 18:37:17
Running from "C:\Users\Jan\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

Nirobe

07.12.2012 18:49

Schritt 3:
OTL Datei:OTL Logfile:

Code:

OTL logfile created on: 07.12.2012 18:38:16 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free

8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,49 Gb Free Space | 42,19% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe

PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.11.16 16:02:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe

PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2012.02.28 16:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe

PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll

MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll

MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll

MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll

MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll

MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll

MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll

MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll

MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll

MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll

MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll

MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll

MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll

MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll

MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll

MOD - [2012.11.10 20:57:08 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012.12.07 18:09:36 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.11.16 16:03:43 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)

SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)

DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)

DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)

DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: https://www.google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://www.google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\

CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\

CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.12.05 21:17:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.06 23:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.12.06 23:18:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012.12.06 23:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.12.06 21:17:44 | 000,696,153 | ---- | C] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe

[2012.12.06 20:29:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.12.05 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira

[2012.12.05 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.12.05 22:59:38 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.12.05 22:59:38 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.12.05 22:59:38 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.12.05 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.12.05 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\temp

[2012.12.05 21:17:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012.12.05 20:55:39 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012.12.05 19:49:08 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe

[2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN

[2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick

[2012.12.05 16:35:14 | 000,480,560 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex

[2012.12.04 22:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.12.04 22:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.12.04 22:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.12.04 22:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.12.04 22:44:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.12.04 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\APN

[2012.12.04 22:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.12.04 22:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012.12.04 22:26:07 | 000,000,000 | ---D | C] -- C:\JRT

[2012.12.04 22:22:20 | 000,907,917 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Jan\Desktop\JRT.exe

[2012.12.04 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.12.04 19:54:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.04 19:54:13 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.04 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.12.03 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012.12.03 21:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012.12.03 20:25:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe

[2012.12.03 17:34:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe

[2012.12.03 16:55:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe

[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData

[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes

[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software

[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer

[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer

[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper

[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft

[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler

[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll

[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler

[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2

[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8

[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU

[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll

[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung

[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken

[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.07 18:31:53 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.07 18:31:53 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.07 18:31:53 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.07 18:31:52 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.07 18:31:52 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.07 18:24:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.07 18:24:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.07 17:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.06 21:17:56 | 000,696,153 | ---- | M] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe

[2012.12.05 21:17:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.12.05 19:46:10 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe

[2012.12.05 19:20:28 | 000,091,542 | ---- | M] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf

[2012.12.04 22:23:39 | 000,907,917 | ---- | M] (Chilkat Software, Inc.) -- C:\Users\Jan\Desktop\JRT.exe

[2012.12.04 22:01:40 | 000,540,743 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe

[2012.12.04 19:54:01 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.12.04 19:53:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.04 19:53:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.04 19:53:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.12.03 20:25:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe

[2012.12.03 20:22:58 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat

[2012.12.03 17:35:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe

[2012.12.03 17:25:36 | 000,000,168 | ---- | M] () -- C:\Users\Jan\defogger_reenable

[2012.12.03 17:25:18 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Desktop\Defogger.exe

[2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe

[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll

[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.24 21:12:22 | 000,000,432 | -HS- | M] () -- C:\Users\Jan\Desktop\desktop (2).ini

[2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.05 21:36:55 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf

[2012.12.05 19:16:33 | 000,091,542 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf

[2012.12.04 22:45:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.12.04 22:45:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.12.04 22:45:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.12.04 22:45:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.12.04 22:45:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.12.04 22:01:34 | 000,540,743 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe

[2012.12.03 20:22:58 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat

[2012.12.03 17:25:36 | 000,000,168 | ---- | C] () -- C:\Users\Jan\defogger_reenable

[2012.12.03 17:25:16 | 000,050,477 | ---- | C] () -- C:\Users\Jan\Desktop\Defogger.exe

[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel

[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx

[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf

[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf

[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf

[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf

[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf

[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf

[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf

[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\wbemess.dll
 

< End of report >

--- --- ---

Schritt3:
EXTRAS DATEI:OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 07.12.2012 18:38:16 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free

8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 690,82 Gb Total Space | 291,49 Gb Free Space | 42,19% Space Free | Partition Type: NTFS

Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 21 ED 00 C1 1A 9A CD 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{0C00E5FE-F986-40AB-86E0-4818A5A791CC}" = lport=137 | protocol=17 | dir=in | app=system | 

"{0C42CBF4-D37B-423F-B7D0-73548591CAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{27836FFE-3E2B-40BA-8B07-824F5668CC05}" = lport=139 | protocol=6 | dir=in | app=system | 

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4B0FD562-3FC3-4940-9072-5959BDB5B932}" = lport=138 | protocol=17 | dir=in | app=system | 

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8D63F81D-A5D9-4946-AD3D-7AD7AF1B6902}" = rport=139 | protocol=6 | dir=out | app=system | 

"{9B2D7AFF-3CB8-4749-8887-2A74157ECCB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B186C461-6ED7-450E-AF21-7BE8836E5A73}" = rport=137 | protocol=17 | dir=out | app=system | 

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{BE97D4B3-E61B-4876-BD5E-7E17144B9336}" = lport=445 | protocol=6 | dir=in | app=system | 

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D9F968A6-5B72-48CB-9DAF-3D16B52000EF}" = rport=138 | protocol=17 | dir=out | app=system | 

"{E5BC9E55-7343-4C4C-9443-571C99B273AC}" = rport=445 | protocol=6 | dir=out | app=system | 

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0C1F8059-A442-4EAA-A898-8E1B7184DB73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{136918B9-BD20-4E25-B6B0-B14E97E3D332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{1F8AD80B-E818-435D-BE3F-D0FA9E4CCC8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 

"{2D75E5F2-8195-4808-9F38-E68E980C3344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 

"{361CC462-1DDF-486F-BAFD-20C57936612D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{3CBB30D7-F3A6-4AF2-BA94-BE36E889BE88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{41B1BDF8-590E-461B-8522-8A266DC1D9CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{47DDA791-6F23-4CC3-8818-E19D0AC1442D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{52704BD5-52B7-4D6D-86CB-9B9BC04CFBEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{5399A88D-9864-41F0-BB36-40A4D6A54AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{54971BF3-7EEC-4946-A445-FB53226F1D18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 

"{565D92B6-F108-4200-A048-662A1C805700}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{63425C82-3BC3-435C-815C-2225FF284242}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{6FA8E28E-E3BB-4DCC-A9B9-D12EDE9D0DDE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{72083ACC-FC53-4E37-855C-587FFAAD15A7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{750520CE-63F4-4460-BFFF-1D647FF02565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{75BE7EE3-2C4B-4148-8E0F-72537EF723E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{87ABEF09-058B-40BA-B84B-F55ECD111B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 

"{89F2D9C5-AF1B-4581-951C-C6ED5CA89825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{8B751D7E-FBC0-41F4-A880-986B03211ADB}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{8B772FBB-856B-4B99-9D56-672189090FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{8D27D700-9B13-4F8A-AD29-C05FA259B8F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{8F7712CB-3D96-41FF-A8E9-17C6E4320619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 

"{927227B4-EBE5-4B28-A91A-4C43DCB372AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 

"{9A3989D4-2919-43C5-B03E-F08CC2DDB163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 

"{A2897128-B51D-4882-AB43-7588F138365B}" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B8D0F588-05CC-4730-BD72-DF72E02C561B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 

"{BC7C0105-A5C9-41A5-B57E-02F963472753}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 

"{CA156975-0847-43EC-A1A7-7890AF10639B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{CDA7FCEF-E038-4C8D-8C13-FF5C247FDDE6}" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | 

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{DB6DF9FB-B12C-4FD4-9007-7DC2FBD59B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{DF542D2D-122A-4D1F-90B1-E249398408F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E9D884C2-E997-4324-B721-DEDDD3EDDB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{024D2D44-73A8-4ACF-9B7E-891F7DC423BD}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 

"TCP Query User{1ED244D9-4229-4957-9541-D312BBF9564E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 

"TCP Query User{3D536110-EC31-4564-966C-F5966D231613}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

"TCP Query User{7A9888C9-407A-4E38-9A87-D66D73100634}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 

"TCP Query User{7EBB10CB-FFE3-4410-B071-22190E2B96EC}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 

"TCP Query User{80CA4EA4-4ECC-4F56-A501-82C4549ADCDB}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"TCP Query User{8A3D5B66-5BA3-4EEB-9B28-3525592F1CC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{99A9C40A-B453-4394-9FA8-2C04C2250FAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"TCP Query User{C3A75814-7FA0-4108-8409-AB11C0640EBF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"TCP Query User{C4601CC2-1197-43C5-8EAB-EDF9E3B97752}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{344BB24F-A0C6-4157-A464-0AB2FCC2BA47}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | 

"UDP Query User{4E699C3C-A433-405B-BE82-B3AF008BCA53}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{60B1AD6F-1E6F-4543-9BB2-83C9A6EDEBC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{6E5CF0FE-FB88-48BC-8D97-EAEA06434F2B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"UDP Query User{795ED364-8348-4F94-ABE2-670086827E80}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | 

"UDP Query User{AE66EDA7-4EF5-4921-8446-BA746D306004}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | 

"UDP Query User{C974A00B-BA80-4BF3-BE7B-7BC11D68ABAE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{E72B96A9-D1C3-4040-A2B6-270E8DB44241}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{E734B016-1C0B-4F91-B8DD-639F9B6350F8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 

"UDP Query User{EA80E8B1-6398-4E59-8145-4AD371429F1E}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"GIMP-2_is1" = GIMP 2.8.2

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VistaGlazz_is1" = VistaGlazz 2.4

"WinRAR archiver" = WinRAR 4.11 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AC58860-75E1-4622-99B3-694903175A12}" = S4 League_EU

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch

"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6

"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira Free Antivirus

"AVMWLANCLI" = AVM FRITZ!WLAN

"Cheat Engine 6.2_is1" = Cheat Engine 6.2

"DAEMON Tools Lite" = DAEMON Tools Lite

"Fraps" = Fraps

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201

"Google Chrome" = Google Chrome

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"LogMeIn Hamachi" = LogMeIn Hamachi

"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Steam App 200210" = Realm of the Mad God

"Steam App 202480" = Creation Kit

"Steam App 22350" = BRINK

"Steam App 41070" = Serious Sam 3: BFE

"Steam App 43110" = Metro 2033

"Steam App 440" = Team Fortress 2

"Steam App 55230" = Saints Row: The Third

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 8190" = Just Cause 2

"TeamViewer 7" = TeamViewer 7

"VLC media player" = VLC media player 2.0.3

"VMware_Player" = VMware Player

"xampp" = XAMPP 1.8.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"FileZilla Client" = FileZilla Client 3.6.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 04.12.2012 17:37:02 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 06.12.2012 16:20:02 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 07.12.2012 12:54:54 | Computer Name = Jan-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1595.686, Zeitstempel

 0x50b7ef0d, fehlerhaftes Modul tier0_s.dll_unloaded, Version 0.0.0.0, Zeitstempel

 0x5085e8e8, Ausnahmecode 0xc0000005, Fehleroffset 0x6b977d08,  Prozess-ID 0x52c, 

Anwendungsstartzeit 01cdd498e289e574.

 

Error - 07.12.2012 13:25:51 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 05.12.2012 15:10:49 | Computer Name = Jan-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002

Description = 

 

Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 06.12.2012 16:20:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 06.12.2012 16:21:01 | Computer Name = Jan-PC | Source = bowser | ID = 8003

Description = 

 

Error - 06.12.2012 18:24:03 | Computer Name = Jan-PC | Source = bowser | ID = 8003

Description = 

 

Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 07.12.2012 13:25:52 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026

Description = 

 

 

< End of report >

--- --- ---

M-K-D-B

07.12.2012 20:02

Servus,

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10
 

:Commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Nirobe

07.12.2012 20:11

Schritt 1:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan
->Temp folder emptied: 95352 bytes
->Temporary Internet Files folder emptied: 7066157 bytes
->Java cache emptied: 1838026 bytes
->Google Chrome cache emptied: 88113899 bytes
->Flash cache emptied: 158309 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24362 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35868135 bytes
RecycleBin emptied: 4724261 bytes

Total Files Cleaned = 132,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12072012_200710

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3240.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Schritt 2:
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.12.07.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

07.12.2012 20:17:37
mbam-log-2012-12-07 (20-17-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225672
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Schritt 3:
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.12.07.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

07.12.2012 20:17:37
mbam-log-2012-12-07 (20-17-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225672
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Sry der Letzte schritt 3 war falsch hier ist die richtige Datei :D
ESET:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6aba469cf5ee424c84e00df52650490a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-07 09:49:05
# local_time=2012-12-07 10:49:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 96 23415 220340235 16199 0
# compatibility_mode=5892 16776573 100 100 23123 192440851 0 0
# scanned=281104
# found=2
# cleaned=0
# scan_time=7027
C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe multiple threats (unable to clean) 6132216F9E5E76DEA273CE255C726440E781F887 I
C:\Users\Jan\Downloads\Themespack.zip multiple threats (unable to clean) B8DE1732EC78300989D6D453E2A4C6BE04C1085B I

Schritt 4:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Thunderbird 14.0. Thunderbird out of Date!
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Noch mal zu den Darstellung und Anpassungen da gibt es Windows Vista und Windows Aero als style diese beiden sind noch vorhanden aber nicht mehr auswählbar hast du ne ahnung wie ich das ändern kann?

M-K-D-B

08.12.2012 11:00

Servus,

Zitat:

Noch mal zu den Darstellung und Anpassungen da gibt es Windows Vista und Windows Aero als style diese beiden sind noch vorhanden aber nicht mehr auswählbar hast du ne ahnung wie ich das ändern kann?

Dazu fällt mir spontan gerade leider nichts ein.

Du könntest dein Problem aber hier schildern:
Alles rund um Windows

Bitte lösche die folgenden Dateien per Hand:
C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe
C:\Users\Jan\Downloads\Themespack.zip

Wenn du keine Probleme mehr hast, die auf Malware hindeuten, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.

Schritt 2
Starte bitte Thunderbird --> Extras --> Einstellungen ---> Erweitert.
Wechsle in den Reiter Update und gehe sicher das Thunderbird nach Updates sucht und installiere diese auch.

Schritt 3
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 4
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

Combofix /Uninstall

http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 5
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Klicke auf Löschen.
Schließe die sich öffnende Textdatei.
Klicke abschließend auf Deinstallation.
Bestätige mit Ja.
Starte deinen Rechner neu auf!

Schritt 6
Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Nirobe

08.12.2012 11:58

Ok Das war es jetzt funktioniert alles
Ich danke dir für deine mühe und deine Hilfe ich werde euch weiterempfehlen ;D

M-K-D-B

08.12.2012 12:40

Ich bin froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Alle Zeitangaben in WEZ +1. Es ist jetzt 07:43 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132