|
Log-Analyse und Auswertung: Ist mein Windows 7 System noch sicher?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.07.2012, 22:18 | #1 |
| Ist mein Windows 7 System noch sicher? Mein System (Windows 7) ist nun ca. 2 Jahre alt. Als Virenscanner benutze ich Avira. Hatte bisher keine besonderen Vorkommnisse. Aber ich möchte gerne auf nummer Sicher gehen und deshalb habe ich mich heute hier angemeldet. Habe einen Scan mit OTL gemacht und würde mich freuen wenn sich die Logs mal ein Spezialist anschauen würde.OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.07.2012 22:50:32 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 72,75% Memory free 16,00 Gb Paging File | 13,46 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 37,28 Gb Free Space | 33,37% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 56,04 Gb Free Space | 24,06% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 387,02 Gb Free Space | 41,55% Space Free | Partition Type: NTFS Drive X: | 465,76 Gb Total Space | 283,74 Gb Free Space | 60,92% Space Free | Partition Type: NTFS Computer Name: C-FLITZER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009ECEA6-AE83-4739-A5A2-B78538249F06}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{00E5F388-C699-4E12-9729-04C9D82378D8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{05560B72-5B49-4E33-AF0F-23F6A4760778}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{063F7A84-A6B4-4CE4-AB10-A478857C747E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06F6C2FB-89EA-44B1-B0CC-46D32ACCB541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0A965F7C-B297-430C-905E-C851BFC42391}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0C386932-70EA-4901-84F2-EF61DDCE91FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{108B3CA9-D396-4C0E-8AB9-ABFA8AF7A329}" = rport=10243 | protocol=6 | dir=out | app=system | "{1D139D02-929F-4480-AFC6-8B857AEC419D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E4167FD-695A-4011-A340-A29D5BE48CC5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32ED3E71-A3DA-4421-9457-EE181562D7F5}" = lport=2869 | protocol=6 | dir=in | app=system | "{34AA18B9-9E31-4D7B-812E-8050954C5FD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40E1A3D4-51B3-4845-9F24-A6728AE8C055}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{46087C64-D5CD-49DE-BD80-EC134194D780}" = rport=138 | protocol=17 | dir=out | app=system | "{4D5DAFB0-44B9-4F96-B384-B735FC676894}" = lport=10244 | protocol=6 | dir=in | app=system | "{515E0177-5BF2-4E93-934F-42F737CDC286}" = lport=3390 | protocol=6 | dir=in | app=system | "{52311EBB-6D3E-45BB-8110-68B3AE78EFF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6BABBF58-E66B-4EF4-9FAC-6B0A03C84859}" = rport=445 | protocol=6 | dir=out | app=system | "{830015A3-4978-4897-8E93-0952B3546AC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{830CA50C-701A-4DEF-B58B-5BDB2568740E}" = rport=139 | protocol=6 | dir=out | app=system | "{83E646F4-513B-4FB9-B4BB-295F18A35B28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8D7E7678-F653-4E07-A790-F52A16F78256}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9ACD53F8-F147-416E-8F82-F932458A79B9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A22E916D-0631-4854-8DC4-4D8FB25E2A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AB7FBA1D-7229-4129-AA66-F484432FDC1B}" = lport=10243 | protocol=6 | dir=in | app=system | "{B15BAA03-1518-4CE4-88BD-3B5FA521BB73}" = lport=138 | protocol=17 | dir=in | app=system | "{B451D108-BF7C-4C5A-8954-A15BE5BCA2AF}" = lport=137 | protocol=17 | dir=in | app=system | "{B4B2F3E8-A5C9-4BC1-89DE-494AE2A3B1B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4EA8194-C131-40EC-83CD-9553F9733300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B6C6490A-2978-47A8-B176-DAC380AA5719}" = lport=139 | protocol=6 | dir=in | app=system | "{B6D22060-F085-49E6-817D-1FB5845D13FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B968B28C-55C0-4605-8E56-0105208E8FDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BD729D2D-7D89-401D-ADA7-2A1267A8D7E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5108531-6DAE-4B86-B745-7183B24219FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE956D40-A814-4DE8-95EE-9AD00A0B40EF}" = rport=137 | protocol=17 | dir=out | app=system | "{D08C24B1-E41C-442C-BA84-CF38D2344D27}" = lport=10245 | protocol=6 | dir=in | app=system | "{DF49B589-F8A1-456A-BDF9-FC784FE4553C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{E00CD975-737C-4D35-AD98-C269ABA84D4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4DEA4F0-3137-4CF1-85A6-111CEB54AB24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8D1D564-A0E3-448B-B362-C048D4B92253}" = lport=2869 | protocol=6 | dir=in | app=system | "{EA3AFC7A-AD02-46FD-BB6C-24CD31D34CDA}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{049C12A1-78B1-48CD-B468-BA8EA24EE56B}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "{094ADFFE-0F6D-441B-A0B7-AE2884EEAA88}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0C74A83C-0609-43C9-BF54-DDF51D5555C6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{12ECC4CE-D838-41E9-BC78-ED0FB78A8632}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1AE13E60-83F1-42ED-BF40-4BF307C65162}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{1C2E3903-F780-46B7-8963-DFEF1B4BA9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{1C7F4AB3-EA43-4B28-9375-D27276C0D07C}" = protocol=6 | dir=in | app=d:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{1C9ECAFA-14C2-4230-A939-6E079F22D501}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "{1EA43DD9-4ABB-4F7E-8686-80CC9B60351E}" = protocol=17 | dir=in | app=d:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{20D5EBB6-3447-4B4A-AE30-55C7433FCC3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2495DC2A-5B27-4389-9CCE-5465BD571B43}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2538F603-C277-4DBD-A39F-BCFC1E5D60A8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2686E23E-B839-40A0-AE7D-92BAE6065468}" = protocol=6 | dir=in | app=c:\program files (x86)\airfoil\airfoil.exe | "{2A5BBA6A-944D-47F2-9FE8-5F6E45C361B6}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\vncviewer.exe | "{2EF554C5-5558-4E34-A10E-B414C6D299AE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2F2A5287-EEB6-4A82-89D8-65F496817151}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2FBAE6AA-6D8A-46A3-9837-52A067428F7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2FFDAF8C-9417-49FA-905B-641ED64C2270}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{30B7CB30-5865-4437-BC2F-58A9335A2FCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{31CB4267-A0CB-4B39-9EB4-154B77ACEB26}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3711724C-F35E-45A9-BEED-3A7D1B971A86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{41F0747A-C65D-4A77-8AAF-09155CA2A58B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | "{486BC40F-5C08-4349-B733-7F20FBBAAC23}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{48B052AD-CB87-4965-943B-48298EAE06E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4BE788A4-0AA4-462B-B432-ADBB7A870C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C936166-D37E-4650-9367-4B4CE7526922}" = protocol=17 | dir=in | app=d:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{4DCF4828-8E74-4E7B-A48B-226797E1E335}" = protocol=6 | dir=out | app=system | "{508AFFFB-1A93-45E3-B880-7C2EDEF760FF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5A914C62-2937-46D9-A0BE-0FB157B40093}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{5C027155-913D-48FD-B7CB-34091DB2A232}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | "{5E8BF107-BDF0-41F8-918A-69F6157504C6}" = protocol=17 | dir=in | app=c:\program files (x86)\winscp\winscp.exe | "{65BAA797-DB0C-4431-A883-B7991179B875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{66C00772-8D14-4B2A-9091-694F28AAE2FF}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\vncviewer.exe | "{66EA2CB8-C33C-40CB-8905-1A621BE92484}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6C15DE4D-518C-40B3-8F95-CAF9225D8E45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6DA64AFC-81B7-4FB0-9305-F95C9591BB6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{71AA7CFA-B709-4DB7-B50F-363F95C8E27D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{747C011F-E1F7-466D-8A6F-9F2B604DF54B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{79046680-C607-4A38-932E-4A6A17A2850F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7A367C3D-CCFF-4A21-B1E4-A0794BEF996A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D23A1AC-A2D3-4DFC-9486-A04AE9410831}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7DA039BC-11C3-4BD7-B0DF-FB851C225CE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E20A727-8C5D-4CBD-B8DC-44BCD49B4A86}" = protocol=6 | dir=in | app=c:\program files (x86)\airfoil\airfoilspeakers.exe | "{7E6534E2-7516-4CE9-9596-72E97690E8B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7F86514E-D477-4DD1-B23B-7C6B673CF326}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{80B6CEC2-7EE8-45B2-B2E9-7C9DB39B45CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{858C3AA6-EEB8-46A2-AD44-68CDF80B5DB1}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{887B5AA4-D66D-4582-926A-873ED4CDFA0E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | "{942E3491-3C37-4A4E-9326-6A06DDB35507}" = protocol=17 | dir=in | app=c:\program files (x86)\airfoil\airfoilspeakers.exe | "{9EDDFFF1-B804-4F47-A50E-BEB7A7B0BBCA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A53319F9-AB71-48CC-AED7-913F2808CF5F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{AB68C3EF-BFA9-419A-B5AE-90BD146DD5CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ADD4994F-3E50-457C-A778-5B51333B878F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B05B010A-8BC9-4502-BB38-3B5F7100E1D1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B62B3362-B16C-4553-B54C-66820510924B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B6CEB8DC-F069-44A3-8816-2B70876AA0EB}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{B9CAB961-7E50-451B-A573-E8A9D646B2F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BCDD6F52-2C7F-4EAC-9F96-B5E4BE2E0857}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BDC4947A-FCE7-4D0A-9770-3F0A2B005E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{BEA69AA8-CF98-470E-8DCD-85DC5A282E60}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C765D847-8700-4F05-89A1-C7B788D7BE50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CAF0D9CA-DF98-4021-B3D5-1A58058F9C1F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D16F6FC9-DAAE-4D60-97A2-5626765F2B31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D20894F0-4EB9-4107-B67D-6352A0A966E9}" = protocol=6 | dir=in | app=c:\program files (x86)\winscp\winscp.exe | "{D4800371-C853-46C1-8291-94102B0C6FB9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D4EBAE98-2A5D-40E0-8DDE-1CA7C1B58769}" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "{DB64E3A0-3AE7-4D68-B547-12FFE1F2B3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | "{DB9983A7-7FC2-4BCF-944B-D25EF54E521F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DD7B8194-B55E-4366-9446-D30DC1D40C09}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DD8C9AEC-1EE8-44CD-84C3-EFACD987A1CA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DF60B5D9-2C0B-46D1-83BD-32BCCE841516}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DFAF263F-AD35-4582-8855-BC9B14F0FA95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E5A569F8-74CD-4823-B895-33CBA78454AB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E759CB31-4129-4D6E-8CB9-0C15DFDB4BC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E77914D5-6128-41EA-95A4-98F218B649E2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{E79F9048-24F6-43DC-A0D7-3EDB810B6FBE}" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "{EB30AD87-D79F-4F46-AA13-65DBE3E1D609}" = protocol=6 | dir=in | app=d:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{F010E81A-4119-4EE2-8771-640D1D0D0D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "{F63355AD-7343-4363-A044-7331A347E1A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7F463F2-1E73-4734-BAEB-BF5108DB3B10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA873627-8CC2-4EC8-B6DC-41A9209D7D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "{FB8D4919-A2C4-4A6E-AAE1-D86B1D8BDE35}" = protocol=17 | dir=in | app=c:\program files (x86)\airfoil\airfoil.exe | "{FD127818-A57C-4CE3-93DF-4D2D24CC2894}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{20EED935-3A97-44ED-A532-4244A0C97682}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "TCP Query User{33B0AC03-1C64-40A4-B320-FD5274E7AEDE}C:\program files (x86)\winscp\winscp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winscp\winscp.exe | "TCP Query User{539D7B0A-3BA1-40B0-A86B-8365A379689D}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{90E71787-740E-438C-B162-502E0D5E80AC}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "TCP Query User{C6260E83-828A-4839-9D69-47C9F7EDDF93}C:\program files\realvnc\vnc4\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\vncviewer.exe | "TCP Query User{CDF46914-A6F9-4B72-A80E-2A93586B11FE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{14162FAA-EB4B-453F-97E1-16FF98538338}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "UDP Query User{351284CB-F2B8-4171-81A6-1E9670FE30D8}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "UDP Query User{3781A7E2-F4EC-4630-90FB-93AC48A63E72}C:\program files (x86)\winscp\winscp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winscp\winscp.exe | "UDP Query User{A0A563F6-E7E1-47AD-9C93-F9662D80EA3D}C:\program files\realvnc\vnc4\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\vncviewer.exe | "UDP Query User{A40EB5E0-C68E-41BC-AA0B-D04C85812021}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{C5F0B191-CD56-4965-ADC7-53A4A9680847}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit) "{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin "{44B4F244-5B4D-856E-B3A6-E8DDBDC7F127}" = AMD Fuel "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160320}" = Java(TM) SE Development Kit 6 Update 32 (64-bit) "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "RealVNC_is1" = VNC Enterprise Edition E4.5.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center "{1339105E-F091-458E-90C1-B8F24153C825}" = Lexware faktura+auftrag 2009 "{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008 "{15EAF67D-279F-4AB4-B19C-8475756151D8}" = MAGIX Video deluxe 17 Plus Sonderedition Video Plugins "{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1B7DD202-20F6-489F-B7CD-42B9AB2002A0}" = Quicken 2008 - ServicePack 2 "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2209CC4E-A8CF-449D-A4CB-2059153E7ABB}" = iMCardsPC "{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish "{29CFADD2-3211-4BB4-A09A-E52776A2A492}" = Dir2Encrypt "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90 "{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version "{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CE9FE44-077C-46F9-A8EC-4557D2D86790}" = Quicken Import Export Server 2008 "{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight "{4D5308D2-6B0A-4BB0-809F-AE1000038101}" = Microsoft Flight "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3 "{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7365AF2D-705B-40BA-B3F9-1835B0082418}" = DDBAC "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy "{7A9D1CA3-2650-4F82-91BA-5659326D5F11}" = Movavi Video Converter 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90 "{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian "{866EB045-6A93-4D0B-A9C2-7C0E7D3F26FB}" = LRTimelapse "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai "{887B05EA-3AC6-4A47-BBEF-BAAE351D1EFF}" = AMD OverDrive "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian "{8F2754CA-B124-4530-9542-00FE699EA8FD}" = Watchtower Library 2010 - Deutsch "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch "{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help "{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95E668D-5B58-43E4-9E10-BFF43E943AEB}" = MAGIX Screenshare "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien "{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard "{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D6862B-7112-45CC-B008-2F9D4D409285}" = MAGIX Video deluxe 17 Plus Sonderedition "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5CA1223-2B80-4901-AB52-1595A7DE13D1}" = MAGIX Speed burnR (MSI) "{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English "{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90 "{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Airfoil" = Airfoil "AudibleDownloadManager" = Audible Download Manager "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DVD Shrink_is1" = DVD Shrink 3.2 "Exif-Viewer" = Exif-Viewer 2.50 "FileZilla Client" = FileZilla Client 3.5.0 "Free Download Manager_is1" = Free Download Manager 3.0 "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "GMX ProfiFax" = GMX ProfiFax "Google Calendar Sync" = Google Calendar Sync "InstallShield_{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken Deluxe 2008 "InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13 "MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus Sonderedition "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix "NewBlue Lightning for Magix" = NewBlue Lightning for Magix "Notepad++" = Notepad++ "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PROHYBRIDR" = 2007 Microsoft Office system "Registry Toolkit (Shareware)_is1" = Registry Toolkit "Stanza" = Stanza "The Regex Coach_is1" = The Regex Coach 0.9.2 "VLC media player" = VLC media player 1.1.5 "VMware_Workstation" = VMware Workstation "winscp3_is1" = WinSCP 4.2.9 "xampp" = XAMPP 1.7.7 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09696666-CB70-4056-A504-D916D92933E2}" = easyFly 4 Starter Edition "{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012 "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.07.2012 18:08:24 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x644 Startzeit der fehlerhaften Anwendung: 0x01cd6c0cc5ae7393 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 951e4017-d837-11e1-a97f-005056c00008 Error - 28.07.2012 09:15:19 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x640 Startzeit der fehlerhaften Anwendung: 0x01cd6c9bd53744b5 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 4707e7b2-d8b6-11e1-84f0-005056c00008 Error - 28.07.2012 13:10:39 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x62c Startzeit der fehlerhaften Anwendung: 0x01cd6cc544752fd5 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 27382f5c-d8d7-11e1-b3c3-005056c00008 Error - 28.07.2012 15:51:00 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0x01cd6cf384d0c752 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 8db9d6b3-d8ed-11e1-a8fb-005056c00008 Error - 28.07.2012 16:19:22 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x644 Startzeit der fehlerhaften Anwendung: 0x01cd6cfa8eb9c7b4 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 846b7cb4-d8f1-11e1-806c-005056c00008 Error - 29.07.2012 06:18:02 | Computer Name = C-FLITZER | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4fd626ed Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cd6d71e627ac70 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: ad8fbdb2-d966-11e1-8ad5-005056c00008 Error - 29.07.2012 16:11:49 | Computer Name = C-FLITZER | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b6c Startzeit: 01cd6dc615375286 Endzeit: 0 Anwendungspfad: D:\Users\***\Desktop\OTL.exe Berichts-ID: Error - 29.07.2012 16:35:10 | Computer Name = C-FLITZER | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ccc Startzeit: 01cd6dc93af42d0f Endzeit: 0 Anwendungspfad: D:\Users\***\Desktop\OTL.exe Berichts-ID: Error - 29.07.2012 16:47:40 | Computer Name = C-FLITZER | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 434 Startzeit: 01cd6dcb48312540 Endzeit: 0 Anwendungspfad: D:\Users\***\Desktop\OTL.exe Berichts-ID: Error - 29.07.2012 16:48:30 | Computer Name = C-FLITZER | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c80 Startzeit: 01cd6dcb683aaee5 Endzeit: 0 Anwendungspfad: D:\Users\***\Desktop\OTL.exe Berichts-ID: [ Media Center Events ] Error - 03.07.2011 03:53:54 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 09:53:54 - Fehler beim Herstellen der Internetverbindung. 09:53:54 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2011 03:54:43 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 09:54:41 - Fehler beim Herstellen der Internetverbindung. 09:54:41 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2011 03:52:42 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 09:52:42 - Fehler beim Herstellen der Internetverbindung. 09:52:42 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2011 03:52:49 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 09:52:47 - Fehler beim Herstellen der Internetverbindung. 09:52:47 - Serververbindung konnte nicht hergestellt werden.. Error - 08.08.2011 06:52:23 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 12:52:20 - Fehler beim Herstellen der Internetverbindung. 12:52:20 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 08:22:01 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 14:21:56 - Fehler beim Herstellen der Internetverbindung. 14:21:56 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 09:22:48 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 15:22:48 - Fehler beim Herstellen der Internetverbindung. 15:22:48 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 10:23:35 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 16:23:35 - Fehler beim Herstellen der Internetverbindung. 16:23:35 - Serververbindung konnte nicht hergestellt werden.. Error - 24.05.2012 01:19:25 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 07:19:25 - Fehler beim Herstellen der Internetverbindung. 07:19:25 - Serververbindung konnte nicht hergestellt werden.. Error - 24.05.2012 01:20:14 | Computer Name = C-FLITZER | Source = MCUpdate | ID = 0 Description = 07:20:12 - Fehler beim Herstellen der Internetverbindung. 07:20:12 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 28.10.2010 03:17:43 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.04.2011 16:37:54 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.04.2011 06:24:08 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.04.2011 13:56:49 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.05.2011 05:20:06 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 23.05.2011 13:00:48 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.06.2011 05:14:53 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.06.2011 05:58:06 | Computer Name = C-FLITZER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.07.2012 12:54:32 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 27.07.2012 01:58:31 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 27.07.2012 18:08:24 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.07.2012 07:41:32 | Computer Name = C-FLITZER | Source = DCOM | ID = 10010 Description = Error - 28.07.2012 09:15:19 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.07.2012 13:10:39 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.07.2012 15:51:00 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.07.2012 16:19:23 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 29.07.2012 06:18:03 | Computer Name = C-FLITZER | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 29.07.2012 13:50:29 | Computer Name = C-FLITZER | Source = DCOM | ID = 10010 Description = < End of report > --- --- ---OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.07.2012 22:50:32 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 72,75% Memory free 16,00 Gb Paging File | 13,46 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 37,28 Gb Free Space | 33,37% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 56,04 Gb Free Space | 24,06% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 387,02 Gb Free Space | 41,55% Space Free | Partition Type: NTFS Drive X: | 465,76 Gb Total Space | 283,74 Gb Free Space | 60,92% Space Free | Partition Type: NTFS Computer Name: C-FLITZER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe () PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - D:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - c:\Program Files (x86)\Airprint\airprint.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AirPrint) -- c:\Program Files (x86)\Airprint\airprint.exe (Apple Inc.) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (vna_ap) -- C:\Windows\SysNative\drivers\vnaap.sys (Check Point Software Technologies) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (rsvcdwdr) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys (RapidSolution Software AG) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation) DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (AODDriver4.2.0) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 80 D1 02 9C 79 CB 01 [binary data] IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.gmx.net/ IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes,DefaultScope = {A5F23FA5-89CD-4380-ADEC-0FEDC2C87D1F} IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes\{3ADC0826-6A61-4143-BA10-930F33B015C3}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes\{51A5A868-ADD7-A89B-8D44-D2809384E318}: "URL" = hxxp://www.hamsterstart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-475-0-0 IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes\{A5F23FA5-89CD-4380-ADEC-0FEDC2C87D1F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\SearchScopes\{E35F9088-0F72-42FC-9413-8DE265D9C71C}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0 FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2 FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..keyword.URL: "hxxp://www.hamsterstart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-475-0-0&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 12:54:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.28 12:48:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 12:54:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.28 12:48:17 | 000,000,000 | ---D | M] [2010.11.05 14:02:56 | 000,000,000 | ---D | M] (No name found) -- D:\Users\***\AppData\Roaming\mozilla\Extensions [2012.07.29 21:34:29 | 000,000,000 | ---D | M] (No name found) -- D:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghc4n058.default\extensions [2011.03.07 20:21:21 | 000,000,000 | ---D | M] (EPUBReader) -- D:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghc4n058.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.07.29 21:34:29 | 000,000,000 | ---D | M] (WOT) -- D:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghc4n058.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.12.30 00:38:34 | 000,001,061 | ---- | M] () -- D:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ghc4n058.default\searchplugins\yahoo-zugo.xml [2012.02.25 14:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.07.03 12:58:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.29 21:34:29 | 000,526,190 | ---- | M] () (No name found) -- D:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GHC4N058.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.11.12 22:07:39 | 001,242,930 | ---- | M] () (No name found) -- D:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GHC4N058.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.07.28 12:54:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.28 12:54:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.28 12:54:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.28 12:54:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.28 12:54:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.28 12:54:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.28 12:54:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.15 18:09:13 | 000,000,906 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 dev.localhost O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKU\S-1-5-21-1352053197-730313820-1797129643-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1352053197-730313820-1797129643-1005..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1352053197-730313820-1797129643-1005..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKU\S-1-5-21-1352053197-730313820-1797129643-1005..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-1352053197-730313820-1797129643-1005..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: D:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: D:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk = C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF54892-A634-4070-844A-26557EC98414}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587D6E71-F7CD-4853-B855-73EAD03D280E}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB58585B-7055-454E-AF5E-854716DA92F6}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 22:09:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- D:\Users\***\Desktop\OTL.exe [2012.07.29 18:17:36 | 000,000,000 | ---D | C] -- C:\Downloads [2012.07.28 12:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.07.28 12:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.28 12:48:17 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.07.28 12:48:17 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.07.28 12:48:15 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.07.28 12:48:15 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.28 12:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.27 07:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.07.27 07:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.07.24 20:27:26 | 000,000,000 | ---D | C] -- D:\Users\***\Desktop\Betriebsausflug [2012.07.17 19:18:00 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Roaming\Buhl Data Service [2012.07.17 19:18:00 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Local\Buhl Data Service [2012.07.17 19:17:56 | 000,000,000 | ---D | C] -- D:\Users\***\Documents\tax [2012.07.17 19:17:41 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Local\Buhl [2012.07.17 19:17:38 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\t@x 2012 [2012.07.17 19:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buhl finance [2012.07.17 19:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2012.07.17 19:13:41 | 000,000,000 | ---D | C] -- D:\Users\***\Desktop\t@x 2012 (für Steuerjahr 2011) [2012.07.15 20:14:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.07.15 20:14:53 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.07.15 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD [2012.07.15 19:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.15 19:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.07.15 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.15 19:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.15 18:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.07.15 18:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.15 18:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.15 18:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.07.15 18:02:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.15 17:19:03 | 000,000,000 | ---D | C] -- C:\AMD [2012.07.15 16:05:57 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Local\Microsoft_Corporation [2012.07.11 08:57:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 08:57:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 08:57:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 08:57:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 08:57:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 08:57:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 08:57:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 08:57:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 08:57:30 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 08:57:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 08:57:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 08:57:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 08:57:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 08:06:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 08:06:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 08:06:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 08:06:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 08:06:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.06.30 09:49:07 | 000,000,000 | ---D | C] -- D:\Users\***\Documents\2012 [2012.06.30 09:14:03 | 000,000,000 | ---D | C] -- D:\Users\***\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.29 22:30:43 | 000,000,000 | ---- | M] () -- D:\Users\***\defogger_reenable [2012.07.29 22:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 22:27:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.29 22:25:57 | 000,050,477 | ---- | M] () -- D:\Users\***\Desktop\Defogger.exe [2012.07.29 22:09:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\Users\***\Desktop\OTL.exe [2012.07.29 20:33:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.29 20:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 13:07:53 | 001,515,620 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.29 13:07:53 | 000,660,382 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.29 13:07:53 | 000,621,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.29 13:07:53 | 000,132,280 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.29 13:07:53 | 000,108,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.29 12:35:06 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 12:35:06 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 12:27:52 | 2146,815,999 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 18:40:12 | 000,002,040 | -H-- | M] () -- D:\Users\***\Documents\Default.rdp [2012.07.28 12:48:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.07.28 12:48:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.27 19:28:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.27 19:28:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.21 14:55:33 | 000,007,614 | ---- | M] () -- D:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.07.17 19:20:43 | 000,000,716 | ---- | M] () -- C:\Windows\wiso.ini [2012.07.17 19:17:40 | 000,002,065 | ---- | M] () -- D:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2012.07.17 19:17:40 | 000,002,060 | ---- | M] () -- D:\Users\***\Desktop\t@x 2012.lnk [2012.07.15 19:52:56 | 000,001,951 | ---- | M] () -- D:\Users\Public\Desktop\AMD OverDrive.lnk [2012.07.13 16:46:01 | 000,369,025 | ---- | M] () -- D:\Users\Public\Documents\Lsk2.pdf [2012.07.13 16:44:50 | 000,312,723 | ---- | M] () -- D:\Users\Public\Documents\Lsk.pdf [2012.07.11 11:33:12 | 005,103,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll ========== Files Created - No Company Name ========== [2012.07.29 22:30:43 | 000,000,000 | ---- | C] () -- D:\Users\***\defogger_reenable [2012.07.29 22:25:57 | 000,050,477 | ---- | C] () -- D:\Users\***\Desktop\Defogger.exe [2012.07.17 19:17:41 | 000,000,716 | ---- | C] () -- C:\Windows\wiso.ini [2012.07.17 19:17:40 | 000,002,065 | ---- | C] () -- D:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2012.07.17 19:17:40 | 000,002,060 | ---- | C] () -- D:\Users\***\Desktop\t@x 2012.lnk [2012.07.15 19:52:56 | 000,001,951 | ---- | C] () -- D:\Users\Public\Desktop\AMD OverDrive.lnk [2012.07.13 16:46:01 | 000,369,025 | ---- | C] () -- D:\Users\Public\Documents\Lsk2.pdf [2012.07.13 16:44:51 | 000,312,723 | ---- | C] () -- D:\Users\Public\Documents\Lsk.pdf [2012.07.10 19:28:54 | 000,001,536 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2012.06.27 18:48:27 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.06.27 18:48:27 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.20 13:07:11 | 000,000,132 | ---- | C] () -- D:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.19 09:48:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.09.19 09:48:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.08 15:03:44 | 000,012,288 | ---- | C] () -- D:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.01 19:55:14 | 000,168,584 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll [2010.12.30 13:07:22 | 000,004,976 | ---- | C] () -- C:\ProgramData\ojobkspa.ako [2010.12.04 12:01:58 | 000,000,600 | ---- | C] () -- D:\Users\***\AppData\Local\PUTTY.RND [2010.12.04 11:51:13 | 000,000,600 | ---- | C] () -- D:\Users\***\AppData\Roaming\winscp.rnd [2010.10.27 14:55:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2010.10.23 10:26:16 | 000,001,456 | ---- | C] () -- D:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.10.10 19:21:30 | 000,007,614 | ---- | C] () -- D:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.10.08 16:00:10 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2010.10.08 15:12:41 | 001,535,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.07 23:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.06.01 23:10:45 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\CheckPoint [2012.07.29 21:29:47 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\Free Download Manager [2010.11.04 19:02:22 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\HTC [2012.07.29 21:29:42 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\KeePass [2010.11.04 19:02:29 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\Lexware [2012.06.11 13:31:38 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\MAGIX [2011.01.07 14:25:26 | 000,000,000 | ---D | M] -- D:\Users\Alexandra\AppData\Roaming\Watchtower [2011.06.08 18:45:34 | 000,000,000 | ---D | M] -- D:\Users\Kilian\AppData\Roaming\CheckPoint [2012.04.22 12:32:04 | 000,000,000 | ---D | M] -- D:\Users\Kilian\AppData\Roaming\Free Download Manager [2010.11.11 19:45:48 | 000,000,000 | ---D | M] -- D:\Users\Kilian\AppData\Roaming\HTC [2010.11.11 19:45:55 | 000,000,000 | ---D | M] -- D:\Users\Kilian\AppData\Roaming\Lexware [2012.07.17 19:18:00 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Buhl Data Service [2011.01.16 14:00:07 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Canneverbe Limited [2012.03.23 01:21:17 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.09.05 19:29:53 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\CheckPoint [2011.11.26 16:23:29 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.10.11 10:39:39 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\DataDesign [2012.07.29 20:05:55 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Dropbox [2012.04.07 14:09:20 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Exif Viewer [2012.05.13 12:18:43 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\FileZilla [2012.03.24 17:19:25 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\flightgear.org [2012.07.29 22:49:41 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Free Download Manager [2011.05.07 23:00:07 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\FreeVideoConverter [2011.02.07 16:31:06 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\GMX [2010.12.30 00:38:42 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\HamsterSoft [2011.10.06 18:48:10 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\IPACS [2012.07.29 22:46:47 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\KeePass [2010.10.10 15:04:28 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Lexware [2012.04.21 13:20:58 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\LRTimelapse [2012.05.22 16:21:12 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\MAGIX [2010.12.30 13:07:23 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\MOVAVI [2010.12.30 14:27:02 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Movavi Video Converter 10 [2012.05.17 23:06:37 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\No Company Name [2011.08.21 19:07:27 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Notepad++ [2010.10.23 09:08:02 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Outlook [2011.11.26 16:53:53 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\PACE Anti-Piracy [2011.06.13 18:29:24 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Seas0nPass [2011.02.05 17:33:00 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.03.24 17:12:33 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Subversion [2011.12.01 21:09:48 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\TeamViewer [2010.10.23 08:57:59 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Tific [2011.01.01 13:53:39 | 000,000,000 | ---D | M] -- D:\Users\***\AppData\Roaming\Watchtower [2012.06.29 15:27:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Vielen Dank schon mal im Voraus lagur Geändert von lagur (29.07.2012 um 22:28 Uhr) |
30.07.2012, 14:46 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher?Code:
ATTFilter O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587D6E71-F7CD-4853-B855-73EAD03D280E}: DhcpNameServer = 192.168.42.129 Code:
ATTFilter 64bit- Ultimate Edition Service Pack 1 Zitat:
__________________ |
31.07.2012, 09:25 | #3 |
| Ist mein Windows 7 System noch sicher? Es ist kein Büro PC
__________________Ich wollte XP Mode nutzen. PC reagiert nicht ungewöhnlich. Im Logfile von Avira keine Virenbefunde. |
31.07.2012, 11:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher? Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
31.07.2012, 16:09 | #5 |
| Ist mein Windows 7 System noch sicher? Hallo Arne, Das geht aber fix. Bin gerade ein paar Tage im Urlaub. Werde deine Anweisungen durchführen wenn ich wieder Zuhause bin. Hast du schon etwas verdächtiges gefunden? Wie findet Ihr in einem OTL Logfile Hinweise auf malware? Wie kann ich mich in dieser Sache weiterbilden? Viele Grüße Lagur |
31.07.2012, 20:17 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher?Zitat:
__________________ --> Ist mein Windows 7 System noch sicher? |
06.08.2012, 17:54 | #7 |
| Ist mein Windows 7 System noch sicher? Hallo Arne, der Scan mit Malwarebytes war ohne ergebnis ESET hat was in einer PHP Datei eines WP Themes gefunden Der Code in der PHP Datei ist aber Verschlusselt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=02c057d83a3afa40b55f3f33085ff990 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-06 04:18:14 # local_time=2012-08-06 06:18:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 29006620 29006620 0 0 # compatibility_mode=1792 16777215 100 0 24368764 24368764 0 0 # compatibility_mode=5893 16776573 100 94 10179 95891672 0 0 # compatibility_mode=8192 67108863 100 0 467 467 0 0 # scanned=1013220 # found=3 # cleaned=0 # scan_time=8072 C:\Dokumente und Einstellungen\Ralf\Documents\2010\_Projekte\Wordpress\wp-content\themes\brilliance\footer.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Ralf\Documents\2010\_Projekte\Wordpress\wp-content\themes\brilliance\footer.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I D:\Users\Ralf\Documents\2010\_Projekte\Wordpress\wp-content\themes\brilliance\footer.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I |
07.08.2012, 11:52 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher?Zitat:
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
07.08.2012, 15:35 | #9 |
| Ist mein Windows 7 System noch sicher? Was sollen das für Infos sein? Aber gut hier der Code Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.06.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ralf :: PC-W7 [Administrator] Schutz: Aktiviert 06.08.2012 14:32:24 mbam-log-2012-08-06 (14-32-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 964170 Laufzeit: 57 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
08.08.2012, 15:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher? adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
08.08.2012, 19:01 | #11 |
| Ist mein Windows 7 System noch sicher? Warum jetzt noch ein Scanner, gibt es denn einen begründeten Verdacht? Wenn ja, dann würde ich jetzt gerne erst einmal wissen was das sein soll? Ich werde jetzt nicht belibig viele Scanner installieren. Avira findet nix ESET nur in einem Template Malwarebyte auch nix Windows Defender auch nicht und über OTL gibst du keine Informationen raus. Ich habe mit der Avira Rescu CD auch gescannt und nix gefunden. Also noch einmal, gibt es einen begründeten Verdacht? |
09.08.2012, 13:39 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher?Zitat:
Fragst du die Bauarbeiter wenn du Bauherr bist "waaaas noch ein Werkzeug? wir wollen doch nur ein Haus bauen, reichen da Hammer und Schraubendreher nicht?" So ein Computer ist leider etwas komplizierter und man muss mit einigen spieziellen Tools da ran! Und zur Info: Der adwCleaner ist KEIN VIRENSCANNER, er klopft das System auf Toolbar- und Adwaremüll ab! Du kannst diese Pest aber gern drauflassen
__________________ Logfiles bitte immer in CODE-Tags posten |
09.08.2012, 16:07 | #13 |
| Ist mein Windows 7 System noch sicher? Sorry, wollte dich nicht verärgern. Möchte halt gern ein paar Hintergrundinformationen. Ich möchte gerne wissen warum ich etwas machen soll. Das geht dir doch bestimmt auch so - denn sonst hättest du bestimmt nicht so gute Sytemkenntnisse, oder? Ich werde heute Abent den Scanner installieren und dann sehen wir weiter Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/09/2012 at 18:14:11 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Ralf - PC-W7 # Running from : D:\Users\Ralf\Desktop\adwCleaner1703.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\boost_interprocess File Found : D:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ghc4n058.default\searchplugins\yahoo-zugo.xml ***** [Registry] ***** Key Found : HKCU\Software\Ask.com.tmp Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL [x64] Key Found : HKCU\Software\Ask.com.tmp [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKCU\Software\Zugo [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : D:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ghc4n058.default\prefs.js [OK] File is clean. Profile name : default File : D:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\gjxhqa3h.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1411 octets] - [09/08/2012 18:14:11] ########## EOF - D:\AdwCleaner[R1].txt - [1539 octets] ########## |
10.08.2012, 18:53 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein Windows 7 System noch sicher? Steht das nicht in der Überschrift des Tools?! Zitat:
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
11.08.2012, 19:32 | #15 |
| Ist mein Windows 7 System noch sicher? Doch steht drin? Noch mal Sorry. Würde mich freuen wenn ich noch ein wenig von dir lernen könnte und du mir noch ein wenig erläutern könntest wann du welches tool benutzt und ab wann man sich wieder ein wenig sicherer fühlen kann. Ich als Leihe bin halt einfach davon ausgegangen das man nach zwei oder drei Scannern die nix finden auf der sicheren Seite ist. Aber ich war da offensichtlich auf dem falschen Dampfer. Hab mal auf meinem Rechner nach der BHO.dll gesucht aber nix gefunden. Was waren das für Registre Einträge? Weist du was das auf meinem Rechner gemacht hat? Vielen Dank schon mal für deine Zeit, Mühe und Geduld. Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/11/2012 at 21:05:46 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Ralf - PC-W7 # Running from : D:\Users\Ralf\Desktop\adwCleaner1703.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\boost_interprocess File Deleted : D:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ghc4n058.default\searchplugins\yahoo-zugo.xml ***** [Registry] ***** Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : D:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ghc4n058.default\prefs.js [OK] File is clean. Profile name : default File : D:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\gjxhqa3h.default\prefs.js [OK] File is clean. ************************* AdwCleaner[S1].txt - [1196 octets] - [11/08/2012 21:05:46] ########## EOF - D:\AdwCleaner[S1].txt - [1324 octets] ########## |
Themen zu Ist mein Windows 7 System noch sicher? |
7-zip, anschauen, auftrag, besondere, feedback, free download, freue, heute, install.exe, jahre, langs, lightning, nummer, office 2007, origin, picasa, plug-in, scan, scanner, system, usb 3.0, virenscan, virenscanner, windows, windows 7, würde |