| Bernie54 | 22.05.2013 20:32 |
Ich habe den Laptop nacheinander mit OTL und Gmer gescannt.
Hier die Log-DateienOTL Logfile: Code:
OTL logfile created on: 22.05.2013 20:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amokcaptain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,84 Gb Total Physical Memory | 7,09 Gb Available Physical Memory | 90,47% Memory free
15,68 Gb Paging File | 14,96 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,54 Gb Total Space | 578,02 Gb Free Space | 82,75% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,51% Space Free | Partition Type: FAT32
Computer Name: AMOKCAPTAIN-PC | User Name: Amokcaptain | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.22 14:43:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.21 20:16:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.21 20:12:34 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.15 18:31:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.30 17:54:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 17:53:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.06 14:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.16 03:07:46 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.23 11:33:44 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.03.21 04:06:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.03.08 18:49:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.02.19 20:41:40 | 000,072,864 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012.01.20 17:15:14 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.12.16 06:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.12.16 06:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.16 06:38:24 | 000,161,560 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.12.08 17:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.31 15:11:40 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.21 23:30:32 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.30 17:54:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 17:54:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 17:54:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.10 10:39:56 | 000,315,280 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.05.10 02:11:02 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.21 04:06:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.03.08 19:00:36 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.03.08 18:59:42 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.03.08 18:59:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.03.08 18:58:54 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.03.08 18:58:36 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.03.08 18:58:18 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.03.08 18:58:00 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.03.08 18:57:42 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.15 02:41:34 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.01.20 17:14:34 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.14 07:49:22 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.09.02 05:46:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 85 17 1C 8C 1A CE 01 [binary data]
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3290520.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Instagrille Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290520&CUI=UN99155127212582199&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.14
FF - prefs.js..extensions.enabledAddons: %7B341f4dac-1966-47ff-aacf-0ce175f1498a%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290520&SearchSource=2&CUI=UN99155127212582199&UM=&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.03.15 16:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 20:17:00 | 000,000,000 | ---D | M]
[2013.03.03 00:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Extensions
[2013.05.21 22:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Firefox\Profiles\wdhagata.default\extensions
[2013.05.21 22:15:29 | 000,000,000 | ---D | M] (MyFreeGames) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Firefox\Profiles\wdhagata.default\extensions\{341f4dac-1966-47ff-aacf-0ce175f1498a}
[2013.05.21 22:15:22 | 000,868,550 | ---- | M] () (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:21:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.15 16:26:03 | 000,000,999 | ---- | M] () -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\searchplugins\conduit.xml
[2013.05.21 20:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 20:17:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [SearchProtect] C:\Users\Amokcaptain\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\RunOnce: [SymInstallStub] C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E75E205-DF81-4D81-B117-8C672A5DDE19}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bjmyprt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnmnsst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnmnsu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnsemain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\images2pdf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kiesagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kiessetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pcee4d.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pcee4l.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdf architect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfcreator-1_6_2_2_setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bjmyprt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cnmnsst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cnmnsu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cnsemain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\images2pdf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kiesagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kiessetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pcee4d.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pcee4l.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdf architect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdfcreator-1_6_2_2_setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{788d4147-83a2-11e2-97c2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{788d4147-83a2-11e2-97c2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun\AutoRunX\AutoRunX.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.22 20:40:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe
[2013.05.21 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck
[2013.05.21 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hardcopy
[2013.05.21 22:38:02 | 001,707,520 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2013.05.21 22:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.21 22:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.21 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.05.21 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.21 21:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.21 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.21 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Amokcaptain\AppData\Roaming\vlc
[2013.05.21 20:45:55 | 000,000,000 | ---D | C] -- C:\Users\Amokcaptain\AppData\Roaming\Malwarebytes
[2013.05.21 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.21 20:45:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.21 20:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.21 20:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.21 20:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.05.21 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.21 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.20 23:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\40ADFDCB6B979084000040ADBD279A70
[2013.05.15 17:09:57 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013.05.07 18:17:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.03 18:10:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013.05.01 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\Amokcaptain\Desktop\Carina
[2013.04.24 18:50:36 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
========== Files - Modified Within 30 Days ==========
[2013.05.22 20:40:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 20:40:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 20:40:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 20:40:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 20:40:19 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 20:40:04 | 000,000,000 | ---- | M] () -- C:\Users\Amokcaptain\defogger_reenable
[2013.05.22 20:34:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 20:34:45 | 2020,360,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 20:33:04 | 000,000,638 | ---- | M] () -- C:\Windows\tasks\Norton Product Installer.job
[2013.05.22 14:43:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe
[2013.05.22 14:42:52 | 000,050,477 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Defogger.exe
[2013.05.21 23:31:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.21 23:30:32 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.21 22:38:19 | 000,002,367 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2013.05.21 22:16:51 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.21 21:49:30 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 21:49:30 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 21:43:38 | 000,000,646 | -H-- | M] () -- C:\Windows\tasks\Norton Product InstallerIdle.job
[2013.05.21 21:11:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.21 20:51:35 | 000,002,078 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.05.21 20:51:35 | 000,002,007 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Avira DE-Cleaner.lnk
[2013.05.21 20:45:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.21 20:25:30 | 000,001,032 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.16 18:12:45 | 001,541,120 | ---- | M] () -- C:\Users\Amokcaptain\Documents\Outlook.pst
[2013.05.16 08:13:53 | 000,417,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 18:17:06 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
========== Files Created - No Company Name ==========
[2013.05.22 20:40:04 | 000,000,000 | ---- | C] () -- C:\Users\Amokcaptain\defogger_reenable
[2013.05.22 20:39:25 | 000,050,477 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Defogger.exe
[2013.05.21 23:30:32 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.21 22:38:19 | 000,002,367 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2013.05.21 21:11:46 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.21 20:51:35 | 000,002,078 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.05.21 20:51:35 | 000,002,007 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Avira DE-Cleaner.lnk
[2013.05.21 20:45:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.21 20:41:05 | 000,000,638 | ---- | C] () -- C:\Windows\tasks\Norton Product Installer.job
[2013.05.21 20:41:04 | 000,000,646 | -H-- | C] () -- C:\Windows\tasks\Norton Product InstallerIdle.job
[2013.05.21 20:25:30 | 000,001,032 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.21 20:12:34 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.04.04 22:33:53 | 000,024,862 | ---- | C] () -- C:\Users\Amokcaptain\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2013.03.06 18:57:09 | 000,007,609 | ---- | C] () -- C:\Users\Amokcaptain\AppData\Local\Resmon.ResmonCfg
[2013.03.02 20:56:30 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.03.02 20:56:26 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.03.02 20:56:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.03.02 20:56:09 | 013,026,304 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.08 17:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\n.
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.15 22:36:06 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Canon
[2013.03.15 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\OpenCandy
[2013.03.15 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\PDF Architect
[2013.03.15 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\pdfforge
[2013.04.02 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Samsung
[2013.03.15 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\SearchProtect
[2013.03.04 00:15:10 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\TuneUp Software
[2013.03.15 16:25:28 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Uniblue
[2013.03.06 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 22.05.2013 20:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amokcaptain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,84 Gb Total Physical Memory | 7,09 Gb Available Physical Memory | 90,47% Memory free
15,68 Gb Paging File | 14,96 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,54 Gb Total Space | 578,02 Gb Free Space | 82,75% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,51% Space Free | Partition Type: FAT32
Computer Name: AMOKCAPTAIN-PC | User Name: Amokcaptain | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Counter-Strike 1.6 V40.1" = Counter-Strike 1.6 V40.1
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Hardcopy" = Hardcopy
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SearchProtect" = Search Protect by conduit
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.04.2013 17:40:09 | Computer Name = Amokcaptain-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 02.04.2013 17:40:09 | Computer Name = Amokcaptain-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 04.04.2013 16:07:30 | Computer Name = Amokcaptain-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 04.04.2013 16:07:32 | Computer Name = Amokcaptain-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1273, Zeitstempel:
0x51540dda Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x60b0 Startzeit der fehlerhaften Anwendung: 0x01ce317000d7f42e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Kies\Kies.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4826a217-9d63-11e2-9ffb-7054d2cb0210
Error - 04.04.2013 18:22:07 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 97cc Startzeit: 01ce317cb5cb6b16 Endzeit: 0 Anwendungspfad:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 0cff0152-9d76-11e2-9ffb-7054d2cb0210
Error - 04.04.2013 18:31:31 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9a60 Startzeit: 01ce3182d7b32e48 Endzeit: 0 Anwendungspfad:
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE Berichts-ID: 5f261cdf-9d77-11e2-9ffb-7054d2cb0210
Error - 07.04.2013 17:27:46 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 5608 Startzeit: 01ce33c42171f629 Endzeit: 11 Anwendungspfad:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: f35bfa94-9fc9-11e2-9d6b-7054d2cb0210
Error - 14.04.2013 03:55:52 | Computer Name = Amokcaptain-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.6005, Zeitstempel:
0x51139458 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00048611 ID des fehlerhaften Prozesses:
0x83c Startzeit der fehlerhaften Anwendung: 0x01ce3825a6573067 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Secunia\PSI\PSIA.exe Pfad des fehlerhaften Moduls:
C:\Windows\syswow64\ole32.dll Berichtskennung: b9d6eb41-a4d8-11e2-8741-7054d2cb0210
Error - 15.05.2013 11:09:56 | Computer Name = Amokcaptain-PC | Source = CltMngSvc | ID = 1000
Description =
Error - 21.05.2013 15:19:36 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002
Description = Programm Kies.Update.exe, Version 1.0.0.106 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 112c Startzeit: 01ce565715f6fc48 Endzeit: 0 Anwendungspfad: C:\Users\Amokcaptain\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
Berichts-ID:
58f0d047-c24b-11e2-9e84-7054d2cb0210
[ System Events ]
Error - 22.05.2013 14:35:02 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 22.05.2013 14:35:02 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 22.05.2013 14:35:04 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr discache spldr Wanarpv6
Error - 22.05.2013 14:35:19 | Computer Name = Amokcaptain-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Program Files (x86)\Atheros\AthIhvWlanExt.dll Fehlercode: 21
Error - 22.05.2013 14:37:21 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
Error - 22.05.2013 14:37:29 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
Error - 22.05.2013 14:37:31 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
Error - 22.05.2013 14:37:32 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
Error - 22.05.2013 14:39:07 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
Error - 22.05.2013 14:39:07 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005
Description =
< End of report >
--- --- ---
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 21:20:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\AMOKCA~1\AppData\Local\Temp\fwlorpog.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a11bfda
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a11bfda (not active ControlSet)
---- Files - GMER 2.1 ----
File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 44544 bytes executable
File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 16896 bytes executable
File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 54272 bytes executable
File C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui 35328 bytes executable
File C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui 15360 bytes executable
File C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui 46592 bytes executable
---- EOF - GMER 2.1 ----
--- --- ---
Die beiden Funde in der Registry könnten die Ursache für die Downloadsperre sein.
Wie kann ich die jetzt noch vorhandenen Funde beseitigen? Code:
HitmanPro 3.7.3.194
www.hitmanpro.com
Computer name . . . . : AMOKCAPTAIN-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
Safe Mode Boot . . . : NETWORK
User name . . . . . . : Amokcaptain-PC\Amokcaptain
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-05-21 20:12:34
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 33s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 6
Traces . . . . . . . : 65
Objects scanned . . . : 1.387.667
Files scanned . . . . : 17.840
Remnants scanned . . : 342.772 files / 1.027.055 keys
Suspicious files ____________________________________________________________
C:\ProgramData\40ADFDCB6B979084000040ADBD279A70\40ADFDCB6B979084000040ADBD279A70.exe
Size . . . . . . . : 434.176 bytes
Age . . . . . . . : 0.9 days (2013-05-20 23:16:53)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 2E8D2CC999368EA0D81B72520B94266568588A7A2BF6C8577165D537FB070586
Gossip . . . . . . : System Care Antivirus
Fuzzy . . . . . . : 32.0
This file was most recently added as automatic startup.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Uses the Windows Registry to run each time the user logs on.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\40ADFDCB6B979084000040ADBD279A70
References
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
C:\Users\Amokcaptain\Desktop\System Care Antivirus.lnk
Malware remnants ____________________________________________________________
C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\U\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\U\ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\0VHEXKQU.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\2HU3EQ9J.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\33CG7O9N.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\ADF42ODE.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\amokcaptain@apmebf[2].txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\EI1UAOOE.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\I85QCI3R.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\KJSCA6G9.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\NF1OJC0Y.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\Q9JKG5KO.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\T800X2G5.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\W2YZP2RZ.txt
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Cookies\Z1DUNBCB.txt
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.12mnkys.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.360yield.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.ad-srv.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.adc-serv.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.dyntracker.de
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:ad.zanox.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:adtech.de
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:apmebf.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:atdmt.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:bs.serving-sys.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:c.atdmt.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:c1.atdmt.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:conrad.122.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:cunda.122.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:de.sitestat.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:deutschepostag.112.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:doubleclick.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:eas.apm.emediate.eu
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:fastclick.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:invitemedia.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:mediaplex.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:microsoftsto.112.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:msnportal.112.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:opodo.122.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:revsci.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:serving-sys.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:sonyeurope.112.2o7.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:specificclick.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:stat.dealtime.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:statcounter.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:stats.paypal.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:statse.webtrendslive.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:track.adform.net
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:track.hubrus.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:track.zalando.de
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:tradedoubler.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:uk.sitestat.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:www.etracker.de
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:www.googleadservices.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:xiti.com
C:\Users\Amokcaptain\AppData\Roaming\Mozilla\Firefox\Profiles\wdhagata.default\cookies.sqlite:yadro.ru
Code:
HitmanPro 3.7.3.194
www.hitmanpro.com
Computer name . . . . : AMOKCAPTAIN-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
Safe Mode Boot . . . : NETWORK
User name . . . . . . : Amokcaptain-PC\Amokcaptain
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-05-21 20:19:57
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 17s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 0
Traces . . . . . . . : 4
Objects scanned . . . : 1.375.271
Files scanned . . . . : 16.028
Remnants scanned . . : 332.162 files / 1.027.081 keys
Suspicious files ____________________________________________________________
C:\ProgramData\40ADFDCB6B979084000040ADBD279A70\40ADFDCB6B979084000040ADBD279A70.exe -> Deleted
Size . . . . . . . : 434.176 bytes
Age . . . . . . . : 0.9 days (2013-05-20 23:16:53)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 2E8D2CC999368EA0D81B72520B94266568588A7A2BF6C8577165D537FB070586
Gossip . . . . . . : System Care Antivirus
Fuzzy . . . . . . : 32.0
This file was most recently added as automatic startup.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Uses the Windows Registry to run each time the user logs on.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\40ADFDCB6B979084000040ADBD279A70
References
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
C:\Users\Amokcaptain\Desktop\System Care Antivirus.lnk
|
WARNUNG an die MITLESER: