Problem mit Internetverbindung, starker Verdacht auf Malware

chillmeister · 11.05.2012, 16:48

Hallo zusammen,

ich habe seit ca. zwei Wochen immer größer werdende Probleme mit meiner Internetverbindung. Die Verbindung wird in der Symbolleiste durchgehend als gut angegeben, im Browser hörten Videos aber immer wieder auf zu laden, Seiten luden garnicht erst usw. Meist funktionierte es aber doch nach mehrmaligem aktualisieren, weshalb ich umso mehr vermute, dass nicht die Verbindung selbst schlecht ist, sondern mein System durch einen Virus, Wurm oder oder...verlangsamt oder blockiert wird. Mittlerweile funktioniert auch das Senden über Thunderbird nicht mehr, das empfangen schon.

Beim Versuch eines Scans über DDS bekomme ich die Ansage: "Windows Befehlsprozessor funktioniert nicht mehr". Hijack This gibt die Meldung aus, dass das Programm keine Schreibrechte für die Host-Dateien bekommen hat.

Hier Mein HijackThis-Log, vielen Dank schonmal für eure Hilfe:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:43, on 11.05.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O3 - Toolbar: toolplugin - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Musemann\AppData\Roaming\toolplugin\toolbar.dll (file missing)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12238 bytes

kira · 11.05.2012, 21:52

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Deinstalliere:

Code:

ATTFilter

"Ad-Aware Free"
jetzt läuft mit Anti-Viren-Schutz!

kann es zu einem Systemabsturz kommen!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

chillmeister · 13.05.2012, 14:43

Hallo Kira,

vielen Dank für deine Hilfe!

Ich bin deinen Anweisungen gefolgt und habe erstmal Ad-Aware deinstalliert.
Hier drunter stehen die Logfiles von OTL und CCleaner, die ich erstellen sollte.
Außerdem ist mir noch etwas aufgefallen, dass vielleicht wichtig sein könnte: Wenn ich bei Google eine Anfrage starte, bekomme ich seit einer Woche manchmal die Antwort, dass google meine Anfrage nicht beantwortet weil von meinem PC ungewöhnliche Aktivitäten ausgehen, was daran liegen könnte, dass mein PC infiziert sei.

OTL Logfile Nr. 1
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.05.2012 22:52:41 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 68,18% Memory free
7,49 Gb Paging File | 5,82 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 213,00 Gb Free Space | 75,86% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,64% Space Free | Partition Type: FAT32
Drive G: | 3,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Musemann\Desktop\Media und Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (CVPND) -- C:\Program Files\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE:64bit: - HKLM\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE - HKLM\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.09 01:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.09 01:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.09 01:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\components [2012.04.25 19:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\plugins [2011.11.15 13:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.19 19:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.29 02:22:46 | 000,000,000 | ---D | M]
 
[2011.08.27 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Extensions
[2012.04.18 21:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions
[2012.03.25 12:43:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.25 12:43:47 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\foxmarks@kei.com
[2011.11.01 04:13:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\welcome@toolmin.com
[2012.05.05 01:14:07 | 000,006,241 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\kicker.xml
[2012.01.20 00:08:10 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.12 01:27:40 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.04.07 13:18:37 | 000,035,695 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\FACEBOOK@DISCONNECT.ME.XPI
[2012.02.19 17:34:34 | 000,018,684 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.18 21:10:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Musemann\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E28CE8-C052-4096-83C7-9FB77639C303}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.05.11 19:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.05.11 16:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.05.10 06:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.05.10 06:35:51 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.05.10 06:31:11 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Local\adaware
[2012.05.10 06:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.05.10 06:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.05.10 06:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.05.10 06:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.05.10 06:29:07 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus
[2012.05.09 23:37:41 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.05.09 23:37:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.05.09 23:37:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.05.09 23:37:28 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012.05.01 18:20:58 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Roaming\AirportMadness4
[2012.05.01 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.05.01 18:08:19 | 000,000,000 | ---D | C] -- C:\Spiele
[2012.05.01 16:16:29 | 000,000,000 | ---D | C] -- C:\Users\Musemann\Desktop\p
[2012.05.01 04:03:40 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Local\ElevatedDiagnostics
[2012.04.29 16:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.04.25 19:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2012.04.25 19:53:07 | 000,157,352 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.25 19:53:07 | 000,129,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2012.04.23 08:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012.04.19 17:11:36 | 000,000,000 | ---D | C] -- C:\Users\Musemann\Desktop\Feist
[2012.04.19 02:38:59 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012.04.15 21:18:17 | 000,588,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.15 21:18:17 | 000,043,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.04.15 17:14:59 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.01.16 10:12:45 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012.01.16 10:12:45 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2012.01.16 10:12:45 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2011.08.27 17:41:36 | 015,743,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2011.08.27 17:41:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2011.08.27 17:41:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2011.08.27 17:41:36 | 000,924,600 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2011.08.27 17:41:36 | 000,838,584 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2011.08.27 17:41:36 | 000,646,072 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2011.08.27 17:41:36 | 000,449,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2011.08.27 17:41:36 | 000,371,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2011.08.27 17:41:36 | 000,285,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2011.08.27 17:41:36 | 000,269,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2011.08.27 17:41:36 | 000,187,320 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2011.08.27 17:41:36 | 000,170,936 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2011.08.27 17:41:36 | 000,158,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2011.08.27 17:41:36 | 000,125,880 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2011.08.27 17:41:36 | 000,109,496 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2011.08.27 17:41:36 | 000,105,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2011.08.27 17:41:36 | 000,105,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2011.08.27 17:41:36 | 000,101,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2011.08.27 17:41:36 | 000,022,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2011.08.27 17:41:36 | 000,020,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2011.08.27 17:41:36 | 000,019,896 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2011.08.27 17:41:36 | 000,016,824 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2011.08.27 17:41:36 | 000,016,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2011.08.27 17:41:35 | 000,019,384 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 22:25:51 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.05.12 22:25:51 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.05.12 22:25:51 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.05.12 22:25:51 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.05.12 22:25:51 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.05.12 22:21:40 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 22:21:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.12 16:41:14 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 16:41:14 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 16:38:15 | 000,000,328 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.05.12 16:37:14 | 000,000,320 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.05.12 16:37:14 | 000,000,312 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.05.12 16:33:09 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 15:18:26 | 000,293,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.05.10 08:36:24 | 000,014,899 | ---- | M] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur.odt
[2012.05.10 07:15:09 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.05.10 07:15:09 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.05.08 01:44:35 | 000,001,253 | ---- | M] () -- C:\Users\Musemann\Desktop\Motherload.lnk
[2012.05.07 20:32:06 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMusemann.job
[2012.05.04 23:05:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 23:05:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.04 23:05:33 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.03 18:07:45 | 000,028,592 | ---- | M] () -- C:\Users\Musemann\Desktop\Nachrichten an Menschen.odt
[2012.05.02 01:21:13 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.04.30 03:30:29 | 471,194,484 | ---- | M] () -- C:\Users\Musemann\Desktop\The Best Exotic Marigold Hotel (2011) TS x264 Demitos.mkv
[2012.04.26 08:34:06 | 000,011,852 | ---- | M] () -- C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
[2012.04.26 08:07:06 | 000,024,814 | ---- | M] () -- C:\Users\Musemann\Desktop\Ich war schon lange nicht mehr da.odt
[2012.04.21 18:41:55 | 000,017,408 | ---- | M] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2012.04.21 03:54:13 | 007,508,390 | ---- | M] () -- C:\Program Files\omni.ja
[2012.04.21 03:54:13 | 000,001,586 | ---- | M] () -- C:\Program Files\precomplete
[2012.04.21 03:54:08 | 000,000,701 | ---- | M] () -- C:\Program Files\updater.ini
[2012.04.21 03:53:45 | 000,004,284 | ---- | M] () -- C:\Program Files\crashreporter.ini
[2012.04.21 03:53:44 | 000,000,706 | ---- | M] () -- C:\Program Files\crashreporter-override.ini
[2012.04.21 03:17:56 | 015,743,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.04.21 03:17:18 | 000,019,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.04.21 03:17:16 | 000,285,624 | ---- | M] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.04.21 03:17:14 | 000,158,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.04.21 03:17:13 | 000,170,936 | ---- | M] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.04.21 03:17:13 | 000,000,478 | ---- | M] () -- C:\Program Files\softokn3.chk
[2012.04.21 03:17:11 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.04.21 03:17:09 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.04.21 03:17:08 | 000,020,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.04.21 03:17:06 | 000,022,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.04.21 03:17:05 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.04.21 03:17:04 | 000,109,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.04.21 03:17:04 | 000,000,478 | ---- | M] () -- C:\Program Files\nssdbm3.chk
[2012.04.21 03:17:02 | 000,371,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.04.21 03:17:00 | 000,646,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.04.21 03:16:58 | 000,187,320 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.04.21 03:16:56 | 000,838,584 | ---- | M] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\mozjs.dll
[2012.04.21 03:16:48 | 000,043,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.04.21 03:16:46 | 000,016,312 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.04.21 03:16:45 | 000,157,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.21 03:16:35 | 000,449,464 | ---- | M] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.04.21 03:16:32 | 000,101,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.04.21 03:16:27 | 000,588,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.21 03:16:23 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.04.21 03:16:23 | 000,000,478 | ---- | M] () -- C:\Program Files\freebl3.chk
[2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2012.04.21 03:16:18 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.04.21 03:16:17 | 000,019,384 | ---- | M] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2012.04.21 03:15:26 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.04.21 03:15:25 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.04.21 03:15:20 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012.04.21 03:15:20 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2012.04.21 03:15:20 | 000,014,124 | ---- | M] () -- C:\Program Files\blocklist.xml
[2012.04.21 03:15:20 | 000,000,455 | ---- | M] () -- C:\Program Files\application.ini
[2012.04.21 03:15:20 | 000,000,140 | ---- | M] () -- C:\Program Files\platform.ini
[2012.04.21 03:15:20 | 000,000,132 | ---- | M] () -- C:\Program Files\update-settings.ini
[2012.04.21 03:15:19 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2012.04.21 03:15:17 | 000,000,130 | ---- | M] () -- C:\Program Files\dependentlibs.list
[2012.04.21 01:34:05 | 000,035,486 | ---- | M] () -- C:\Program Files\removed-files
[2012.04.15 17:40:32 | 000,827,719 | ---- | M] () -- C:\Users\Musemann\Desktop\Journal_Pad_Entry.pdf
 
========== Files Created - No Company Name ==========
 
[2012.05.11 19:27:30 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.05.10 05:59:28 | 000,014,899 | ---- | C] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur.odt
[2012.05.08 01:43:54 | 000,001,253 | ---- | C] () -- C:\Users\Musemann\Desktop\Motherload.lnk
[2012.05.01 18:17:54 | 000,000,765 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirportMadness4.lnk
[2012.05.01 18:17:54 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.04.30 01:16:22 | 471,194,484 | ---- | C] () -- C:\Users\Musemann\Desktop\The Best Exotic Marigold Hotel (2011) TS x264 Demitos.mkv
[2012.04.29 16:23:12 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.04.29 16:23:12 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.04.29 16:23:12 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.04.25 19:53:08 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.04.15 17:48:29 | 114,302,233 | ---- | C] () -- C:\Users\Musemann\Desktop\Playboy 05-2012 Deutsch Sophia Thomalla.pdf
[2012.04.15 17:40:27 | 000,827,719 | ---- | C] () -- C:\Users\Musemann\Desktop\Journal_Pad_Entry.pdf
[2012.02.08 18:21:36 | 007,508,390 | ---- | C] () -- C:\Program Files\omni.ja
[2011.10.16 23:03:09 | 000,017,408 | ---- | C] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2011.08.31 14:29:00 | 004,023,808 | ---- | C] () -- C:\windows\SysWow64\x264vfw.dll
[2011.08.27 17:41:36 | 001,952,696 | ---- | C] () -- C:\Program Files\mozjs.dll
[2011.08.27 17:41:36 | 000,035,486 | ---- | C] () -- C:\Program Files\removed-files
[2011.08.27 17:41:36 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2011.08.27 17:41:36 | 000,001,586 | ---- | C] () -- C:\Program Files\precomplete
[2011.08.27 17:41:36 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2011.08.27 17:41:36 | 000,000,701 | ---- | C] () -- C:\Program Files\updater.ini
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2011.08.27 17:41:36 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2011.08.27 17:41:36 | 000,000,130 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2011.08.27 17:41:35 | 000,014,124 | ---- | C] () -- C:\Program Files\blocklist.xml
[2011.08.27 17:41:35 | 000,000,455 | ---- | C] () -- C:\Program Files\application.ini
[2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011.07.03 19:48:42 | 000,147,456 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2011.06.17 06:26:10 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011.03.09 13:35:34 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.03.09 13:35:34 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.03.09 13:35:33 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.03.09 13:24:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.01.04 14:28:18 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2010.12.09 01:13:09 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010.06.02 14:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

< End of report >

--- --- ---

[/code]

OTL Logfile Nr. 2 (Extras)
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12.05.2012 22:52:46 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 68,18% Memory free
7,49 Gb Paging File | 5,82 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 213,00 Gb Free Space | 75,86% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,64% Space Free | Partition Type: FAT32
Drive G: | 3,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AA750B-AF2E-4BF9-B8FA-9DEA032404C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BE87FE6-991B-4953-9928-534A5E0FC517}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F3A7272-A632-44BC-A762-8E7F40208965}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{239BA22F-9AE9-4248-A7C8-654E137A4F98}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E093CB0-2026-499F-A07C-27E824B98624}" = rport=139 | protocol=6 | dir=out | app=system | 
"{79A82A26-591C-47D0-8124-BA61D8607CB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{820FC3BA-661D-4454-B9D4-D738F0869049}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83A623CD-51BF-4045-956F-448D65BCFEC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{844D58AB-F89E-4561-9E55-9A17817418E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97C68E6F-95A4-40E1-8F7F-B9177144AE42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9A927E4E-BC19-4B51-8AB5-C939569863A6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A66D8CF6-1654-4AE4-8BB0-73C03A0718D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AA9A5528-1F55-4714-8413-6F6EE7996222}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1EE6979-8DC0-45E1-A08D-76B824894DED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C0BA7B86-CAF4-40E3-9783-568437131A0D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C8284ACF-67E5-48EA-B56C-6885BBAC55DF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D262CACB-B0C9-4028-A308-57FF24122530}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D3378D46-64AF-4DB4-8583-218B8481F681}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFE63619-8249-4D73-BDDC-9E14288D1771}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA60AABB-49C7-4D5B-9F49-6C8FCB20EC7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FAF5A8D6-FCA3-4D13-978F-3B338A090384}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07ADBB1D-8689-4C8B-94DF-BE3A1C413EDE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0AA1F5F6-0775-42E2-8230-E9AB1A882A6F}" = protocol=6 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{11779428-E491-4E8F-8116-E6D5E0DB125B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{19F7BF6D-ACB7-4EC3-A447-756E33698BDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2106A757-DB02-4B24-8851-A8E1426D4A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26A0736A-B51D-47D5-A2A9-86A902998269}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C1D84D5-0A5B-4EE5-8123-24CDFA4821A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DB0EB2B-3C88-42F8-8F54-BC626DC3CEC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E784096-85E3-41DA-B25D-68E17219E44C}" = protocol=17 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{67CD996C-2ECA-4313-9DBC-6A119DBBD4CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7FDCADB8-DA9F-4226-8228-745ECCB3EE2A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8257888E-7B28-4047-855A-70F237C223B7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{8AE9F45F-6884-41A3-ABEF-DE2A52A85F33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B8768AB-D313-4B12-86B8-EDE8EC3BF83A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{964D7555-BC0D-4169-9D9B-14CD17481E7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E943645-0CFA-4FBA-A478-473F72692A7E}" = protocol=6 | dir=out | app=system | 
"{A177F1AF-A9E4-4781-B1C0-5FD525280EB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1AF54BF-3590-4FC9-939A-4F5EC97FA6B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B15D4B2D-1070-480D-A73A-5A68B163F046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2FBA278-F8A0-42EB-9115-F59B5133E666}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D613D1E8-B8C2-401F-9AFB-DE9C62EF067D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DB64E3A0-63D3-4DE2-8160-F0FB635E77A2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E8F25029-D5FD-41E5-ADE3-E63DF97FE79F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED5D5B9C-7E91-4161-A53A-733BD64A6469}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0D06511-3266-4BD7-8BCD-FF4F6CC7F702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F142F06E-A653-4389-8ACB-B44196FE22CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{60FF3A47-5ACB-4B00-9A76-24DB42F3F5D7}C:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{7608CD9C-6CB2-4DFC-8FB5-FE9480AFCB7C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{2044B9E4-0B71-434E-A687-41694F660455}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E04AFE08-E285-4474-ABEF-A9B09216F8B7}C:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"x64 Components_is1" = x64 Components v3.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D4B8C753-A5AF-FDA6-05FD-33A099902129}" = AirportMadness4
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F097D8DF-B207-4EA1-91A4-A21B8425F9B4}" = HP Documentation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AirportMadness4" = AirportMadness4
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"SymSilent" = SymSilent
"TeamViewer 7" = TeamViewer 7
"toolplugin" = toolplugin
"VLC media player" = VLC media player 1.1.11
"xp-AntiSpy" = xp-AntiSpy 3.97-11
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2011 14:46:49 | Computer Name = Musemanns-HP | Source = ESENT | ID = 215
Description = WinMail (3532) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 12.10.2011 14:46:55 | Computer Name = Musemanns-HP | Source = ESENT | ID = 215
Description = WinMail (3980) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 12.10.2011 23:40:39 | Computer Name = Musemanns-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.1.33,
 Zeitstempel: 0x4e64e4e2  Name des fehlerhaften Moduls: EScript.api, Version: 10.1.1.33,
 Zeitstempel: 0x4e64f848  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0007dfba  ID des fehlerhaften
 Prozesses: 0x1300  Startzeit der fehlerhaften Anwendung: 0x01cc890f89410586  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\EScript.api
Berichtskennung:
 1e044605-f54d-11e0-bb42-cc52af198575
 
Error - 15.11.2011 13:52:28 | Computer Name = Musemanns-HP | Source = Application Hang | ID = 1002
Description = Programm DivX Plus Player.exe, Version 10.2.1.23 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: b4c    Startzeit: 01cca3bf34750635    Endzeit: 6    Anwendungspfad: C:\Program
 Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe    Berichts-ID: 88241b00-0fb2-11e1-a2e5-cc52af198575

 
Error - 01.03.2012 16:39:41 | Computer Name = Musemanns-HP | Source = Windows Backup | ID = 4104
Description = 
 
Error - 18.03.2012 18:12:28 | Computer Name = Musemanns-HP | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: c44    Startzeit: 01cd0552c41e53d2    Endzeit: 42    Anwendungspfad: 
C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: 6e0e8bb0-7147-11e1-b489-cc52af198575

 
Error - 18.04.2012 20:51:05 | Computer Name = Musemanns-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xce4  Startzeit der fehlerhaften Anwendung: 0x01cd1dc4d0fc6cb0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\plugin-container.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: be0b0c6d-89b9-11e1-93f8-cc52af198575
 
Error - 21.04.2012 12:39:51 | Computer Name = Musemanns-HP | Source = Application Hang | ID = 1002
Description = Programm Zattoo.exe, Version 4.0.5.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17c8    Startzeit:
 01cd1fdd4f2652c6    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\Zattoo4\Zattoo.exe

Berichts-ID:
 980c2b32-8bd0-11e1-a9b1-cc52af198575  
 
Error - 25.04.2012 19:54:14 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.04.2012 06:06:38 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 02.11.2011 08:29:41 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 02.11.2011 08:29:42 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Hewlett-Packard Events ]
Error - 08.01.2012 17:13:28 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 08.01.2012 17:13:53 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 20:27:17 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 22:51:25 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:00:50 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:01:01 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:01:25 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:02:15 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:08:39 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 1788  Ram Utilization: 90  TargetSite: Void closeConnection()

 
Error - 15.01.2012 23:09:14 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 06.05.2012 09:51:16 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.06 15:51:16.834|00000444|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 06.05.2012 22:55:44 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.07 04:55:44.928|000008DC|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 06.05.2012 23:05:53 | Computer Name = Musemanns-HP | Source = CaslSmBios | ID = 5
Description = 2012.05.07 05:05:53.568|00001610|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 80040154.
 
Error - 06.05.2012 23:07:27 | Computer Name = Musemanns-HP | Source = CaslSmBios | ID = 5
Description = 2012.05.07 05:07:27.421|0000167C|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 80040154.
 
Error - 06.05.2012 23:07:30 | Computer Name = Musemanns-HP | Source = CaslSmBios | ID = 5
Description = 2012.05.07 05:07:30.381|00001700|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 80040154.
 
Error - 07.05.2012 14:32:35 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.07 20:32:35.414|00000FD8|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 08.05.2012 18:24:29 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.09 00:24:29.613|00000E78|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 09.05.2012 15:55:27 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.09 21:55:27.213|000003A8|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 11.05.2012 09:44:58 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.11 15:44:58.015|00000A98|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 12.05.2012 10:39:09 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.12 16:39:09.261|000004C0|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
[ HP Wireless Assistant Events ]
Error - 12.05.2012 16:21:59 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:01 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:02 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:04 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:05 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:07 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:08 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:10 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:11 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12.05.2012 16:22:13 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

[/code]

Installierte Programme (CCleaner File)

Code:

ATTFilter

Adobe AIR	Adobe Systems Incorporated	30.04.2012		3.2.0.2070
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	08.03.2011		10.0.32.18
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	03.05.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	28.04.2012	121,9MB	10.1.3
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	08.05.2012		11.6.5.635
AirportMadness4	Big Fat Simulations	01.05.2012		1.20
ATI Catalyst Install Manager	ATI Technologies, Inc.	08.03.2011	22,3MB	3.0.778.0
Avira Free Antivirus	Avira	09.05.2012	104,9MB	12.0.0.1125
Broadcom 2070 Bluetooth 3.0	Broadcom Corporation	08.03.2011	183,5MB	6.3.0.6300
Broadcom 802.11 Wireless LAN Adapter	Broadcom Corporation	09.03.2011		5.60.350.6
CCleaner	Piriform	11.05.2012		3.18
Cisco Systems VPN Client 5.0.07.0290		26.01.2012	10,6MB	
Corel Home Office	Corel Corporation	08.12.2010	118,2MB	5.0.87.621
CPUID CPU-Z 1.59		18.01.2012	3,30MB	
DivX-Setup	DivX, LLC	08.01.2012		2.6.1.3
Dropbox	Dropbox, Inc.	15.11.2011		1.1.45
Energy Star Digital Logo	Hewlett-Packard	08.03.2011	0,29MB	1.0.1
HiJackThis	Trend Micro	09.05.2012	0,36MB	1.0.0
HP Documentation	Hewlett-Packard	07.12.2010	784MB	1.5.0.0
HP ESU for Microsoft Windows 7	Hewlett-Packard Company	05.10.2011	15,0MB	1.1.8.1
HP HotKey Support	Hewlett-Packard Company	11.09.2011	14,1MB	4.0.3.1
HP Setup	Hewlett-Packard Company	07.12.2010		8.5.4371.3505
HP SoftPaq Download Manager	Hewlett-Packard Company	07.12.2010	14,4MB	3.0.5.0
HP Software Framework	Hewlett-Packard Company	15.01.2012	4,75MB	4.1.13.1
HP Software Setup	Hewlett-Packard Company	07.12.2010	11,8MB	7.0.1.6
HP Support Assistant	Hewlett-Packard Company	22.04.2012	75,8MB	6.1.12.1
HP Webcam	Roxio	11.09.2011	9,77MB	1.0.25.0
HP Webcam Driver	Sonix	08.03.2011		5.8.50015.0
HP Wireless Assistant	Hewlett-Packard	07.12.2010	5,60MB	4.0.6.0
IDT Audio	IDT	21.11.2011		1.0.6300.0
Java(TM) 6 Update 29	Oracle	22.09.2011	97,1MB	6.0.290
JDownloader 0.9	AppWork GmbH	28.04.2012		0.9
Last.fm 1.5.4.27091	Last.fm	11.09.2011		
LightScribe System Software	LightScribe	07.12.2010	23,4MB	1.18.12.1
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.10.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.10.2011	2,94MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	07.12.2010	6,31MB	14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	07.12.2010	20,4MB	4.0.50401.0
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	07.12.2010	0,69MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	07.12.2010	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	08.03.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.03.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	17.10.2011	11,1MB	10.0.40219
Mozilla Firefox 12.0 (x86 de)	Mozilla	24.04.2012	797MB	12.0
Mozilla Maintenance Service	Mozilla	24.04.2012	0,21MB	12.0
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	02.05.2012	38,3MB	12.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.05.2012	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	10.05.2012	1,33MB	4.20.9876.0
OpenOffice.org 3.3	OpenOffice.org	22.09.2011	415MB	3.3.9567
PDF Complete Special Edition	PDF Complete, Inc	08.03.2011		3.5.117
Realtek Ethernet Controller All-In-One Windows Driver	Realtek	07.12.2010		1.12.0011
Roxio Creator Business	Roxio	08.03.2011	324MB	10.3.56.21
Skype™ 4.2	Skype Technologies S.A.	08.03.2011	31,7MB	4.2.163
Spybot - Search & Destroy 2	Safer-Networking Ltd.	01.03.2012	107,8MB	2.0.5
SymSilent	Symantec Corporation	08.03.2011		
Synaptics Pointing Device Driver	Synaptics Incorporated	08.12.2010		15.0.10.0
TeamViewer 7	TeamViewer	10.05.2012		7.0.12979
toolplugin		31.10.2011		
VLC media player 1.1.11	VideoLAN	04.09.2011		1.1.11
Win7codecs	Shark007	07.09.2011	63,2MB	3.0.5
Windows 7 Default Setting	Hewlett-Packard Company	07.12.2010	32,00KB	1.0.1.7
Windows Live ID Sign-in Assistant	Microsoft Corporation	07.12.2010	10,0MB	6.500.3165.0
Windows Media Player Firefox Plugin	Microsoft Corp	07.09.2011	0,29MB	1.0.0.8
WinRAR 4.01 (64-Bit)	win.rar GmbH	04.09.2011		4.01.0
WinZip 14.5	WinZip Computing, S.L. 	26.08.2011	20,0MB	14.5.9095
x64 Components v3.0.5	Shark007	07.09.2011	56,8MB	3.0.5
xp-AntiSpy 3.97-11	Christian Taubenheim	31.10.2011		
Zattoo4 4.0.5	Zattoo Inc.	15.10.2011		4.0.5

kira · 13.05.2012, 22:48

Systemreinigung und Prüfung:

1.
Bei der Durchsicht der Logfiles habe ich gesehen, dass Du XPAntispy installiert hast. Das erhöht einerseits die Sicherheit, kann uns aber andererseits bei der Bereinigung hinderlich sein. Alle mit XPAntispy gemachten Änderungen müssen rückgängig gemacht werden, indem Du unter "Profile" das Systemprofil auf Systemstandard einstellst. Nach Beendigung der Bereinigung kannst Du in XPAntispy wieder Dein gewohntes Profil einstellen.

2.
Welches toolplugin ist das (installiert unter systemsteuerung-> Software)?
und im Browser unter "Erweiterungen":

Zitat:

toolplugin
[2011.11.01 04:13:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\welcome@toolmin.com

3.

Zitat:

Spybot

- würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...
► Falls Du doch es behalten möchtest:
Stelle bitte den TeaTimer ab:
Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident.
Deaktiviere hier den "Resident TeaTimer aktiv".
(Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben!

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE:64bit: - HKLM\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE - HKLM\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes,DefaultScope = {E38EE736-8F53-4DE1-A867-0E35AD8808F8}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.09 01:14:08 | 000,000,000 | ---D | M]
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Musemann\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Files
C:\Users\Musemann\AppData\Local\adaware
C:\ProgramData\Ad-Aware Browsing Protection
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Ad-Aware Antivirus
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.
Hast Du absichtlich die IP

Zitat:

FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1

als Proxy eingestellt? Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

6.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 32 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

7.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8

-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

8.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

damit ich weiß, welche Änderungen Du vorgenommen hast:

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!

chillmeister · 14.05.2012, 03:28

Hallo Kira

und noch einmal dankeschön für deine Hilfe!

1. XPAntispy hat mir beim starten gemeldet, dass ich es noch nie benutzt habe. Sicherheitshalber habe ich dann trotzdem wie empfohlen auf Systemstandard eingestellt.

2. Das toolplugin kommt mir nicht bekannt vor. Soll ich es unter Systemsteuerung->Software deinstallieren?

3. Ich habe Spybot komplett deinstalliert. Welches Programm kannst du mir stattdessen empfehlen? Ich benutze ja dann jetzt nur noch Antivir und die Windows Firewall. Reicht das schon?

4. Hier also die Logfile von OTL nach dem Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ not found.
HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38EE736-8F53-4DE1-A867-0E35AD8808F8}\ not found.
HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Musemann\AppData\Roaming\Mozilla\FireFox\Profiles\jkta644v.default\user.js moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection not found.
File C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
File\Folder C:\Users\Musemann\AppData\Local\adaware not found.
File\Folder C:\ProgramData\Ad-Aware Browsing Protection not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Rules folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Quarantine folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Logs folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\History folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\FW History folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Events folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Downloads folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully.
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus\Logs\20120512T143808.887516PID4408 folder moved successfully.
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus\Logs\20120511T134454.551914PID4340 folder moved successfully.
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus\Logs\20120510T042907.742331PID5532 folder moved successfully.
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Musemann\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Musemann\Desktop\Media und Tools\cmd.bat deleted successfully.
C:\Users\Musemann\Desktop\Media und Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Musemann
->Temp folder emptied: 14707896 bytes
->Temporary Internet Files folder emptied: 29347909 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 308824913 bytes
->Flash cache emptied: 200903 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47133074 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 14509580 bytes
 
Total Files Cleaned = 396,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_043435

Files\Folders moved on Reboot...
C:\Users\Musemann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

5. Nein, ich habe den Proxy nicht absichtlich eingestellt. Ich kann mich nicht daran erinnern und wüsste auch nicht, warum ich das hätte machen sollen. Ich habe es ausgestellt, wie du mir geraten hast. Ich benutze eine Youtube-Unlocker, könnte es etwas damit zu tun haben?

6. Ich habe meine bestehende Java-Version auf Update 32 upgedatet. Dabei ist mir aufgefallen, dass ich Java und den Flash Player in der 32Bit-Version benutze, obwohl ich ein 64Bit-System benutze. Ist das wichtig? Außerdem habe ich versucht, das automatische Java Update von einmal-im-Monat auf einmal-pro-Woche umzustellen, aber jedesmal wenn ich nach der Änderung Java beendet und zur Überprüfung nochmal gestartet habe, stand die Einstellung wieder auf einmal-im-Monat. Weißt du, woran das liegen kann?

noch zu 6:
außerdem wurde ich nach dem Neustart gefragt beim Öffnen des Firefox gefragt, ob Java Console 6.0.2.3 etwas installieren darf. Ich gehe davon aus, dass das ok ist, wollte es aber sicherheitshalber erwähnen.

8. Ich habe CCleaner benutzt. Dass er auch alle Tabs löscht wusste ich leider nicht, hatte etwa 30 Stück offen im Firefox und es waren wichtige Sachen dabei, an die ich mich nicht erinnern kann. Ist aber wohl gelöscht jetzt, oder? :/.

9. Hier die Logfiles des OTL-Scans:

OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2012 05:50:45 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 69,63% Memory free
7,49 Gb Paging File | 6,06 Gb Available in Paging File | 80,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 215,95 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,64% Space Free | Partition Type: FAT32
Drive G: | 3,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.12 17:36:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Musemann\Desktop\Media und Tools\OTL.exe
PRC - [2012.05.10 07:15:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 07:15:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 07:15:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.07.30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VPN Client\cvpnd.exe
PRC - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2007.07.24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.23 18:25:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.02.22 21:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.02.22 21:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.02.22 21:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.22 01:55:34 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011.11.22 01:55:33 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010.08.05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.04.05 21:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\VPN Client\cvpnd.exe -- (CVPND)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.05.10 07:15:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 07:15:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.04 23:05:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.10 07:15:09 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 07:15:09 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 01:55:36 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 13:29:17 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.08.05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 00:59:16 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.03.03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.16 22:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\components [2012.04.25 19:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\plugins [2012.05.14 04:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.19 19:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.29 02:22:46 | 000,000,000 | ---D | M]
 
[2011.08.27 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Extensions
[2012.04.18 21:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions
[2012.03.25 12:43:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.25 12:43:47 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\foxmarks@kei.com
[2011.11.01 04:13:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\welcome@toolmin.com
[2012.05.05 01:14:07 | 000,006,241 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\kicker.xml
[2012.05.14 04:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.01.20 00:08:10 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.12 01:27:40 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.04.07 13:18:37 | 000,035,695 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\FACEBOOK@DISCONNECT.ME.XPI
[2012.02.19 17:34:34 | 000,018,684 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.18 21:10:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\MUSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JKTA644V.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E28CE8-C052-4096-83C7-9FB77639C303}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 05:15:08 | 000,000,000 | ---D | C] -- C:\Users\Musemann\Documents\CCleaner Registry Sicherung
[2012.05.14 04:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.14 04:54:48 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.05.14 04:54:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012.05.14 04:54:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012.05.14 04:54:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012.05.14 04:34:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.14 04:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domination
[2012.05.14 04:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Domination
[2012.05.12 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.05.11 19:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.05.11 16:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.05.10 06:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.05.10 06:35:51 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.05.09 23:37:41 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.05.09 23:37:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.05.09 23:37:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.05.09 23:37:28 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012.05.01 18:20:58 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Roaming\AirportMadness4
[2012.05.01 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.05.01 18:08:19 | 000,000,000 | ---D | C] -- C:\Spiele
[2012.05.01 16:16:29 | 000,000,000 | ---D | C] -- C:\Users\Musemann\Desktop\p
[2012.05.01 04:03:40 | 000,000,000 | ---D | C] -- C:\Users\Musemann\AppData\Local\ElevatedDiagnostics
[2012.04.29 16:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.04.25 19:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2012.04.25 19:53:07 | 000,157,352 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.25 19:53:07 | 000,129,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2012.04.25 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2012.04.23 08:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012.04.19 17:11:36 | 000,000,000 | ---D | C] -- C:\Users\Musemann\Desktop\Feist
[2012.04.19 02:38:59 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012.04.15 21:18:17 | 000,588,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.15 21:18:17 | 000,043,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.04.15 17:14:59 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.01.16 10:12:45 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012.01.16 10:12:45 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2012.01.16 10:12:45 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2011.08.27 17:41:36 | 015,743,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2011.08.27 17:41:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2011.08.27 17:41:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2011.08.27 17:41:36 | 000,924,600 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2011.08.27 17:41:36 | 000,838,584 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2011.08.27 17:41:36 | 000,646,072 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2011.08.27 17:41:36 | 000,449,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2011.08.27 17:41:36 | 000,371,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2011.08.27 17:41:36 | 000,285,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2011.08.27 17:41:36 | 000,269,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2011.08.27 17:41:36 | 000,187,320 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2011.08.27 17:41:36 | 000,170,936 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2011.08.27 17:41:36 | 000,158,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2011.08.27 17:41:36 | 000,125,880 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2011.08.27 17:41:36 | 000,109,496 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2011.08.27 17:41:36 | 000,105,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2011.08.27 17:41:36 | 000,105,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2011.08.27 17:41:36 | 000,101,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2011.08.27 17:41:36 | 000,022,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2011.08.27 17:41:36 | 000,020,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2011.08.27 17:41:36 | 000,019,896 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2011.08.27 17:41:36 | 000,016,824 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2011.08.27 17:41:36 | 000,016,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2011.08.27 17:41:35 | 000,019,384 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 05:24:15 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 05:24:15 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 05:21:56 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.05.14 05:21:56 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.05.14 05:21:56 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.05.14 05:21:56 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.05.14 05:21:56 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.05.14 05:16:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.14 05:16:33 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.14 05:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.14 04:54:40 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.05.14 04:54:40 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012.05.14 04:54:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012.05.14 04:54:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012.05.14 04:54:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012.05.14 04:29:44 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMusemann.job
[2012.05.14 04:11:41 | 000,002,063 | ---- | M] () -- C:\Users\Musemann\Desktop\Domination.lnk
[2012.05.11 15:18:26 | 000,293,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.05.10 08:36:24 | 000,014,899 | ---- | M] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur.odt
[2012.05.10 07:15:09 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.05.10 07:15:09 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.05.08 01:44:35 | 000,001,253 | ---- | M] () -- C:\Users\Musemann\Desktop\Motherload.lnk
[2012.05.04 23:05:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 23:05:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.04 23:05:33 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.03 18:07:45 | 000,028,592 | ---- | M] () -- C:\Users\Musemann\Desktop\Nachrichten an Menschen.odt
[2012.05.02 01:21:13 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.04.30 03:30:29 | 471,194,484 | ---- | M] () -- C:\Users\Musemann\Desktop\The Best Exotic Marigold Hotel (2011) TS x264 Demitos.mkv
[2012.04.26 08:34:06 | 000,011,852 | ---- | M] () -- C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
[2012.04.26 08:07:06 | 000,024,814 | ---- | M] () -- C:\Users\Musemann\Desktop\Ich war schon lange nicht mehr da.odt
[2012.04.21 18:41:55 | 000,017,408 | ---- | M] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2012.04.21 03:54:13 | 007,508,390 | ---- | M] () -- C:\Program Files\omni.ja
[2012.04.21 03:54:13 | 000,001,586 | ---- | M] () -- C:\Program Files\precomplete
[2012.04.21 03:54:08 | 000,000,701 | ---- | M] () -- C:\Program Files\updater.ini
[2012.04.21 03:53:45 | 000,004,284 | ---- | M] () -- C:\Program Files\crashreporter.ini
[2012.04.21 03:53:44 | 000,000,706 | ---- | M] () -- C:\Program Files\crashreporter-override.ini
[2012.04.21 03:17:56 | 015,743,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.04.21 03:17:18 | 000,019,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.04.21 03:17:16 | 000,285,624 | ---- | M] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.04.21 03:17:14 | 000,158,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.04.21 03:17:13 | 000,170,936 | ---- | M] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.04.21 03:17:13 | 000,000,478 | ---- | M] () -- C:\Program Files\softokn3.chk
[2012.04.21 03:17:11 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.04.21 03:17:09 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.04.21 03:17:08 | 000,020,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.04.21 03:17:06 | 000,022,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.04.21 03:17:05 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.04.21 03:17:04 | 000,109,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.04.21 03:17:04 | 000,000,478 | ---- | M] () -- C:\Program Files\nssdbm3.chk
[2012.04.21 03:17:02 | 000,371,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.04.21 03:17:00 | 000,646,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.04.21 03:16:58 | 000,187,320 | ---- | M] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.04.21 03:16:56 | 000,838,584 | ---- | M] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\mozjs.dll
[2012.04.21 03:16:48 | 000,043,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.04.21 03:16:46 | 000,016,312 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.04.21 03:16:45 | 000,157,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.21 03:16:35 | 000,449,464 | ---- | M] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.04.21 03:16:32 | 000,101,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.04.21 03:16:27 | 000,588,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.21 03:16:23 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.04.21 03:16:23 | 000,000,478 | ---- | M] () -- C:\Program Files\freebl3.chk
[2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2012.04.21 03:16:18 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.04.21 03:16:17 | 000,019,384 | ---- | M] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2012.04.21 03:15:26 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.04.21 03:15:25 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.04.21 03:15:20 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012.04.21 03:15:20 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2012.04.21 03:15:20 | 000,014,124 | ---- | M] () -- C:\Program Files\blocklist.xml
[2012.04.21 03:15:20 | 000,000,455 | ---- | M] () -- C:\Program Files\application.ini
[2012.04.21 03:15:20 | 000,000,140 | ---- | M] () -- C:\Program Files\platform.ini
[2012.04.21 03:15:20 | 000,000,132 | ---- | M] () -- C:\Program Files\update-settings.ini
[2012.04.21 03:15:19 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2012.04.21 03:15:17 | 000,000,130 | ---- | M] () -- C:\Program Files\dependentlibs.list
[2012.04.21 01:34:05 | 000,035,486 | ---- | M] () -- C:\Program Files\removed-files
[2012.04.15 17:40:32 | 000,827,719 | ---- | M] () -- C:\Users\Musemann\Desktop\Journal_Pad_Entry.pdf
 
========== Files Created - No Company Name ==========
 
[2012.05.14 04:11:41 | 000,002,063 | ---- | C] () -- C:\Users\Musemann\Desktop\Domination.lnk
[2012.05.11 19:27:30 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.05.10 05:59:28 | 000,014,899 | ---- | C] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur.odt
[2012.05.08 01:43:54 | 000,001,253 | ---- | C] () -- C:\Users\Musemann\Desktop\Motherload.lnk
[2012.05.01 18:17:54 | 000,000,765 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirportMadness4.lnk
[2012.05.01 18:17:54 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.04.30 01:16:22 | 471,194,484 | ---- | C] () -- C:\Users\Musemann\Desktop\The Best Exotic Marigold Hotel (2011) TS x264 Demitos.mkv
[2012.04.29 16:23:12 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.04.29 16:23:12 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.04.29 16:23:12 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.04.25 19:53:08 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.04.15 17:48:29 | 114,302,233 | ---- | C] () -- C:\Users\Musemann\Desktop\Playboy 05-2012 Deutsch Sophia Thomalla.pdf
[2012.04.15 17:40:27 | 000,827,719 | ---- | C] () -- C:\Users\Musemann\Desktop\Journal_Pad_Entry.pdf
[2012.02.08 18:21:36 | 007,508,390 | ---- | C] () -- C:\Program Files\omni.ja
[2011.10.16 23:03:09 | 000,017,408 | ---- | C] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2011.08.31 14:29:00 | 004,023,808 | ---- | C] () -- C:\windows\SysWow64\x264vfw.dll
[2011.08.27 17:41:36 | 001,952,696 | ---- | C] () -- C:\Program Files\mozjs.dll
[2011.08.27 17:41:36 | 000,035,486 | ---- | C] () -- C:\Program Files\removed-files
[2011.08.27 17:41:36 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2011.08.27 17:41:36 | 000,001,586 | ---- | C] () -- C:\Program Files\precomplete
[2011.08.27 17:41:36 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2011.08.27 17:41:36 | 000,000,701 | ---- | C] () -- C:\Program Files\updater.ini
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2011.08.27 17:41:36 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2011.08.27 17:41:36 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2011.08.27 17:41:36 | 000,000,130 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2011.08.27 17:41:35 | 000,014,124 | ---- | C] () -- C:\Program Files\blocklist.xml
[2011.08.27 17:41:35 | 000,000,455 | ---- | C] () -- C:\Program Files\application.ini
[2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011.07.03 19:48:42 | 000,147,456 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2011.06.17 06:26:10 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011.03.09 13:35:34 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.03.09 13:35:34 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.03.09 13:35:33 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.03.09 13:24:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.01.04 14:28:18 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2010.12.09 01:13:09 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010.06.02 14:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.05.01 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\AirportMadness4
[2012.01.17 02:00:43 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Dropbox
[2011.09.23 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\OpenOffice.org
[2011.09.08 14:48:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Shark007
[2011.11.30 20:01:03 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Thunderbird
[2012.01.19 23:25:56 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\toolplugin
[2011.09.08 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Win7codecs
[2012.02.25 03:43:13 | 000,032,606 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Extra.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2012 05:50:45 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 69,63% Memory free
7,49 Gb Paging File | 6,06 Gb Available in Paging File | 80,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 215,95 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,64% Space Free | Partition Type: FAT32
Drive G: | 3,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AA750B-AF2E-4BF9-B8FA-9DEA032404C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BE87FE6-991B-4953-9928-534A5E0FC517}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F3A7272-A632-44BC-A762-8E7F40208965}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{239BA22F-9AE9-4248-A7C8-654E137A4F98}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E093CB0-2026-499F-A07C-27E824B98624}" = rport=139 | protocol=6 | dir=out | app=system | 
"{79A82A26-591C-47D0-8124-BA61D8607CB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{820FC3BA-661D-4454-B9D4-D738F0869049}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83A623CD-51BF-4045-956F-448D65BCFEC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{844D58AB-F89E-4561-9E55-9A17817418E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97C68E6F-95A4-40E1-8F7F-B9177144AE42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9A927E4E-BC19-4B51-8AB5-C939569863A6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A66D8CF6-1654-4AE4-8BB0-73C03A0718D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AA9A5528-1F55-4714-8413-6F6EE7996222}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1EE6979-8DC0-45E1-A08D-76B824894DED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C0BA7B86-CAF4-40E3-9783-568437131A0D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C8284ACF-67E5-48EA-B56C-6885BBAC55DF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D262CACB-B0C9-4028-A308-57FF24122530}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D3378D46-64AF-4DB4-8583-218B8481F681}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFE63619-8249-4D73-BDDC-9E14288D1771}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA60AABB-49C7-4D5B-9F49-6C8FCB20EC7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FAF5A8D6-FCA3-4D13-978F-3B338A090384}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07ADBB1D-8689-4C8B-94DF-BE3A1C413EDE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0AA1F5F6-0775-42E2-8230-E9AB1A882A6F}" = protocol=6 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{11779428-E491-4E8F-8116-E6D5E0DB125B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{19F7BF6D-ACB7-4EC3-A447-756E33698BDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2106A757-DB02-4B24-8851-A8E1426D4A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26A0736A-B51D-47D5-A2A9-86A902998269}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C1D84D5-0A5B-4EE5-8123-24CDFA4821A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DB0EB2B-3C88-42F8-8F54-BC626DC3CEC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E784096-85E3-41DA-B25D-68E17219E44C}" = protocol=17 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{67CD996C-2ECA-4313-9DBC-6A119DBBD4CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7FDCADB8-DA9F-4226-8228-745ECCB3EE2A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8257888E-7B28-4047-855A-70F237C223B7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{8AE9F45F-6884-41A3-ABEF-DE2A52A85F33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B8768AB-D313-4B12-86B8-EDE8EC3BF83A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{964D7555-BC0D-4169-9D9B-14CD17481E7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E943645-0CFA-4FBA-A478-473F72692A7E}" = protocol=6 | dir=out | app=system | 
"{A177F1AF-A9E4-4781-B1C0-5FD525280EB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1AF54BF-3590-4FC9-939A-4F5EC97FA6B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B15D4B2D-1070-480D-A73A-5A68B163F046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2FBA278-F8A0-42EB-9115-F59B5133E666}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D613D1E8-B8C2-401F-9AFB-DE9C62EF067D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DB64E3A0-63D3-4DE2-8160-F0FB635E77A2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E8F25029-D5FD-41E5-ADE3-E63DF97FE79F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED5D5B9C-7E91-4161-A53A-733BD64A6469}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0D06511-3266-4BD7-8BCD-FF4F6CC7F702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F142F06E-A653-4389-8ACB-B44196FE22CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{60FF3A47-5ACB-4B00-9A76-24DB42F3F5D7}C:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{7608CD9C-6CB2-4DFC-8FB5-FE9480AFCB7C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{2044B9E4-0B71-434E-A687-41694F660455}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E04AFE08-E285-4474-ABEF-A9B09216F8B7}C:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\musemann\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"x64 Components_is1" = x64 Components v3.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D4B8C753-A5AF-FDA6-05FD-33A099902129}" = AirportMadness4
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F097D8DF-B207-4EA1-91A4-A21B8425F9B4}" = HP Documentation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AirportMadness4" = AirportMadness4
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"SymSilent" = SymSilent
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"xp-AntiSpy" = xp-AntiSpy 3.97-11
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.03.2012 18:12:28 | Computer Name = Musemanns-HP | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: c44    Startzeit: 01cd0552c41e53d2    Endzeit: 42    Anwendungspfad: 
C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: 6e0e8bb0-7147-11e1-b489-cc52af198575

 
Error - 18.04.2012 20:51:05 | Computer Name = Musemanns-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xce4  Startzeit der fehlerhaften Anwendung: 0x01cd1dc4d0fc6cb0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\plugin-container.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: be0b0c6d-89b9-11e1-93f8-cc52af198575
 
Error - 21.04.2012 12:39:51 | Computer Name = Musemanns-HP | Source = Application Hang | ID = 1002
Description = Programm Zattoo.exe, Version 4.0.5.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17c8    Startzeit:
 01cd1fdd4f2652c6    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\Zattoo4\Zattoo.exe

Berichts-ID:
 980c2b32-8bd0-11e1-a9b1-cc52af198575  
 
Error - 25.04.2012 19:54:14 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.04.2012 06:06:38 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.04.2012 11:43:24 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.04.2012 16:00:44 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.04.2012 19:37:38 | Computer Name = Musemanns-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ba91337  Name des fehlerhaften Moduls: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ba91337  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000484b3  ID des fehlerhaften Prozesses:
 0x7d8  Startzeit der fehlerhaften Anwendung: 0x01cd24ceb60ffe40  Pfad der fehlerhaften
 Anwendung: C:\Program Files\VPN Client\cvpnd.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\VPN Client\cvpnd.exe  Berichtskennung: f8a8cd5b-90c1-11e1-8eb6-cc52af198575
 
Error - 27.04.2012 19:39:29 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.04.2012 06:58:05 | Computer Name = Musemanns-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 02.11.2011 08:29:41 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 02.11.2011 08:29:42 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.11.2011 13:21:46 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.11.2011 08:29:29 | Computer Name = Musemanns-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Hewlett-Packard Events ]
Error - 08.01.2012 17:13:28 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 08.01.2012 17:13:53 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 20:27:17 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 22:51:25 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:00:50 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:01:01 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:01:25 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:02:15 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.01.2012 23:08:39 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 1788  Ram Utilization: 90  TargetSite: Void closeConnection()

 
Error - 15.01.2012 23:09:14 | Computer Name = Musemanns-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 07.05.2012 14:32:35 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.07 20:32:35.414|00000FD8|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 08.05.2012 18:24:29 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.09 00:24:29.613|00000E78|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 09.05.2012 15:55:27 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.09 21:55:27.213|000003A8|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 11.05.2012 09:44:58 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.11 15:44:58.015|00000A98|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 12.05.2012 10:39:09 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.12 16:39:09.261|000004C0|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 13.05.2012 09:29:43 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.13 15:29:43.366|00000C7C|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 13.05.2012 13:21:33 | Computer Name = Musemanns-HP | Source = CaslSmBios | ID = 5
Description = 2012.05.13 19:21:33.112|000008E8|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 80040154.
 
Error - 13.05.2012 22:30:40 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.14 04:30:40.381|00000E84|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 13.05.2012 22:39:00 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.14 04:39:00.559|000009D8|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
Error - 13.05.2012 23:18:08 | Computer Name = Musemanns-HP | Source = hpCasl | ID = 5
Description = 2012.05.14 05:18:08.617|00000F64|Error      |[hpcasl]Event::SupportedEvents{string[]()}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154.
 
[ HP Wireless Assistant Events ]
Error - 13.05.2012 22:32:04 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 22:32:07 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 13.05.2012 22:32:17 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 22:39:24 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 22:39:26 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 13.05.2012 22:40:17 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 22:57:30 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 23:19:06 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 13.05.2012 23:19:08 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 13.05.2012 23:19:15 | Computer Name = Musemanns-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 08.05.2012 19:49:44 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpHotkeyMonitor erreicht.
 
Error - 10.05.2012 05:50:25 | Computer Name = Musemanns-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 12.05.2012 12:30:14 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpHotkeyMonitor erreicht.
 
Error - 12.05.2012 16:22:07 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpHotkeyMonitor erreicht.
 
Error - 12.05.2012 22:54:47 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpHotkeyMonitor erreicht.
 
Error - 13.05.2012 09:02:27 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 13.05.2012 22:23:37 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "Spybot S&D 2 Live Protection Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.05.2012 22:29:52 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 13.05.2012 22:37:06 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 13.05.2012 23:16:59 | Computer Name = Musemanns-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
 
< End of report >

--- --- ---

kira · 14.05.2012, 06:39

Zitat:

1. XPAntispy hat mir beim starten gemeldet, dass ich es noch nie benutzt habe.

bei nicht Verwendung bzw nicht benötigst, deinstalliere!

Zitat:

2. Das toolplugin kommt mir nicht bekannt vor. Soll ich es unter Systemsteuerung->Software deinstallieren?

kannst erstmal deaktivieren (Firefox-> Extra-> Erweiterungen/Add ons), wird nicht benötigt dann deinstallieren

Zitat:

3. Ich habe Spybot komplett deinstalliert. Welches Programm kannst du mir stattdessen empfehlen? Ich benutze ja dann jetzt nur noch Antivir und die Windows Firewall. Reicht das schon?

mehr braucht ein Otto-Normal-Windows-User nicht!

Zitat:

6. Ich habe meine bestehende Java-Version auf Update 32 upgedatet. Dabei ist mir aufgefallen, dass ich Java und den Flash Player in der 32Bit-Version benutze, obwohl ich ein 64Bit-System benutze. Ist das wichtig?

für 64 Bit kannst auch Java (7 Update 4 ) und Flash Player installieren, oft werden benötigt
-> http://www.java.com/de/download/
-> http://get.adobe.com/de/flashplayer/
Achtung!:
Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")

Zitat:

Außerdem habe ich versucht, das automatische Java Update von einmal-im-Monat auf einmal-pro-Woche umzustellen, aber jedesmal wenn ich nach der Änderung Java beendet und zur Überprüfung nochmal gestartet habe, stand die Einstellung wieder auf einmal-im-Monat. Weißt du, woran das liegen kann?

haben wir ja Diskussion gehabt, weiß auch nicht warum, aber ist so..bei mir auch

wichtig, auf "Automatisch" gestellt ist!

Zitat:

noch zu 6:
außerdem wurde ich nach dem Neustart gefragt beim Öffnen des Firefox gefragt, ob Java Console 6.0.2.3 etwas installieren darf. Ich gehe davon aus, dass das ok ist, wollte es aber sicherheitshalber erwähnen.

ja

was Proxy betrifft :-> (zur Info)

Zitat:

FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080

chillmeister · 03.07.2012, 11:44

Hallo kira,

nachdem mein System nun einen Monat lang stabil lief, habe ich nun leider wieder Probleme. Erstmal berichte ich dir von den letzten Schritten, die du empfohlen hast:

1.XPAntispy habe ich deinstalliert.
2.Das toolplugin habe ich deinstalliert.
3.Ich habe die 64-Bit-Version vom Flash Player installiert.

nun zu den neuen Problemen: Im Grunde ist es wie vor einem Monat. Thunderbird kann sich nicht authentifizieren beim Server und ich bekomme daher keine Mails mehr. Außerdem laden Internetseiten im Browser extrem lange oder garnicht. Und mir wird von Windows gemeldet, dass ich "Avira Desktop" aktivieren soll. Dabei habe ich es nie deaktiviert. Die Datei, die ich ausführen soll (befindet sich im Antivir-Ordner) heißt "wsctool.exe". Zusätzlich wird mir ein Problem von PSIKey gemeldet. Den Namen habe ich noch nie gehört.

Vielen Dank schonmal für deine Hilfe!

Problem mit Internetverbindung, starker Verdacht auf Malware

Log-Analyse und Auswertung: Problem mit Internetverbindung, starker Verdacht auf Malware