![]() |
|
Plagegeister aller Art und deren Bekämpfung: IncrediBar BefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() IncrediBar Befall Hallo! seit ich neulich etwas von chip.de runtergeladen habe, öffnet sich in einem neuen Tab immer eine Suchmaschine von diesem MyStart Incredibar. Außerdem funktioniert die suche über google fast gar nicht mehr, jedes Mal hängt sich der Laptop auf und er ist auch allgemein viel langsamer geworden. Ich hab schon versucht, das zu deinstallieren, bei anderen Toolbars geht das ja Ratzfatz. Aber diese ist irgendwie nicht auffindbar, also für mich nicht auffindbar. Entschuldigt, ich bin einfach nicht so bewandert mit diesen technischen Sachen und kann mit den meisten Fachbegriffen vermutlich gar nichts anfangen. Also, falls sich jemand die Mühe macht und mir antwortet (auch wenn ich jetzt vielleicht schon irgendwas falsch gemacht habe) wäre ich wirklich sehr dankbar. Für mich war's jetzt schon ne Tortur, diesen Thread zu erstellen, ohne Witz! Das mit den Logfiles hab ich übrigens erst im zweiten Anlauf hinbekommen. Aber danke im Voraus, für alle die sich Zeit nehmen! mbam: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.02.07 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 ***:: ***-HP [Administrator] 02.10.2012 20:57:43 mbam-log-2012-10-02 (21-00-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214133 Laufzeit: 2 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Local\Temp\FW3KcZ8z.exe.part (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 02.10.2012 20:34:35 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 55,64% Memory free 7,60 Gb Paging File | 5,59 Gb Available in Paging File | 73,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449,65 Gb Total Space | 369,18 Gb Free Space | 82,10% Space Free | Partition Type: NTFS Drive D: | 15,82 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS Computer Name: ***-HP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.02 20:34:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.10.02 09:27:25 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe PRC - [2012.09.25 11:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe PRC - [2012.09.16 08:33:51 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012.09.14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.09.11 21:59:42 | 000,108,384 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe PRC - [2012.09.06 03:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe PRC - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.08.20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 21:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 21:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2012.10.02 09:27:25 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll MOD - [2012.09.25 11:05:32 | 022,423,984 | ---- | M] () -- C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll MOD - [2012.09.25 11:05:08 | 000,181,680 | ---- | M] () -- C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll MOD - [2012.09.25 11:05:00 | 000,286,640 | ---- | M] () -- C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll MOD - [2012.09.06 03:25:12 | 002,244,064 | ---- | M] () -- C:\Users\***\AppData\Local\Mozilla Firefox\mozjs.dll MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2012.06.14 19:22:29 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.14 19:21:53 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.14 19:21:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.10 20:05:20 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\68eb2c96de3918a4757f5f768dc671c7\IAStorUtil.ni.dll MOD - [2012.05.10 15:47:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 15:47:42 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.10 15:46:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.10 15:46:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.10 15:46:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.10 15:46:01 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.10 15:45:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.07.20 23:44:48 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.20 23:44:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.06.22 07:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.02 09:27:25 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.16 08:33:51 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.09.06 03:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.08.20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV - [2010.06.17 15:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV - [2010.06.01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 21:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.18 21:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.09.16 08:33:52 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.09.14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.09.12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.08.10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.08.09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.29 12:44:06 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.10.12 03:36:31 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.06.22 09:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.06.22 07:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.06.22 07:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.06.22 07:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.31 21:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.05.06 15:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{1BAE0C91-E541-498D-8606-EE65F85E7CCB}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{8C605418-A275-476E-A888-A5AF4D608319}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{DA3125A8-8EC9-4B8D-85FB-2658C7C5C40C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{1BAE0C91-E541-498D-8606-EE65F85E7CCB}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{8C605418-A275-476E-A888-A5AF4D608319}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{DA3125A8-8EC9-4B8D-85FB-2658C7C5C40C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{1BAE0C91-E541-498D-8606-EE65F85E7CCB}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{8C605418-A275-476E-A888-A5AF4D608319}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{DA3125A8-8EC9-4B8D-85FB-2658C7C5C40C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://kleiderkreisel.de/" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: stefanvandamme@stefanvd.net:2.1.0.7 FF - prefs.js..extensions.enabledAddons: flashlight@stephennolan.com.au:1.1 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6 FF - prefs.js..extensions.enabledAddons: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.18 19:43:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Users\charlie\AppData\Local\Mozilla Firefox\components [2012.10.02 09:38:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Users\charlie\AppData\Local\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\hj62cof2.default\extensions\firejump@firejump.net [2010.12.24 21:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.10.02 09:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj62cof2.default\extensions [2012.08.15 21:12:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj62cof2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.26 18:41:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj62cof2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2012.04.16 13:11:18 | 000,000,000 | ---D | M] (Flashlight) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hj62cof2.default\extensions\flashlight@stephennolan.com.au [2012.09.13 18:57:12 | 000,275,902 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012.09.12 18:31:34 | 000,631,951 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\extensions\stefanvandamme@stefanvd.net.xpi [2012.09.18 09:32:36 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\extensions\toolbar@web.de.xpi [2012.09.26 18:41:09 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.25 22:06:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.18 09:32:59 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\11-suche.xml [2012.09.18 09:32:59 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\englische-ergebnisse.xml [2012.09.18 09:32:59 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\gmx-suche.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\icqplugin.xml [2012.09.18 09:32:59 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\lastminute.xml [2012.09.18 09:32:59 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\hj62cof2.default\searchplugins\webde-suche.xml [2012.10.02 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities\memdefrag.exe (Glarysoft Ltd) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{957CB5AC-E32C-476E-822C-30022396B5EC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{bda60ff5-1338-11e0-a63a-fcfe29f6b982}\Shell - "" = AutoRun O33 - MountPoints2\{bda60ff5-1338-11e0-a63a-fcfe29f6b982}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.02 20:34:24 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.02 09:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.10.02 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla Firefox [2012.09.27 00:24:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.09.25 14:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.25 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.25 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.25 14:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.09.23 23:15:20 | 000,000,000 | ---D | C] -- C:\Users\charlie\AppData\Roaming\Google [2012.09.23 23:08:44 | 000,000,000 | ---D | C] -- C:\Users\charlie\AppData\Local\Google [2012.09.23 11:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities [2012.09.23 11:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities [2012.09.23 11:49:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.09.21 08:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.09.20 11:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync [2012.09.17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2012.09.16 08:34:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2013 [2012.09.16 08:33:52 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.09.16 08:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012.09.16 08:33:03 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.09.16 08:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.09.16 08:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.09.16 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData [2012.09.16 00:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.09.16 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013 [2012.09.16 00:08:46 | 005,352,288 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\CCleaner64.exe [2012.09.16 00:08:44 | 003,113,312 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\CCleaner.exe [2012.09.14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012.09.12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012.09.12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012.09.12 08:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.11 14:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Breaking Bad S05E06 HDTV x264-EVOLVE[ettv] [2012.09.11 14:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012.09.11 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\uTorrent [2012.09.10 10:04:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2012.09.08 01:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.10.02 20:38:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\charlie\Desktop\mbam-setup-1.65.0.1400.exe [2012.10.02 20:34:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\charlie\Desktop\OTL.exe [2012.10.02 20:31:48 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.10.02 20:31:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.02 20:31:16 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2012.10.02 20:30:12 | 000,000,188 | ---- | M] () -- C:\Users\charlie\defogger_reenable [2012.10.02 20:29:56 | 000,050,477 | ---- | M] () -- C:\Users\charlie\Desktop\Defogger.exe [2012.10.02 20:14:54 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 20:14:54 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 13:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.02 12:21:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3817504591-2883384937-680320212-1001UA.job [2012.10.02 12:03:23 | 000,551,853 | ---- | M] () -- C:\Users\charlie\Desktop\sneak-hausaufgabe..jpg [2012.10.02 09:38:52 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.01 21:21:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3817504591-2883384937-680320212-1001Core.job [2012.09.29 13:52:34 | 000,343,649 | ---- | M] () -- C:\Users\charlie\Desktop\bienchen..jpg [2012.09.28 17:57:55 | 003,650,910 | ---- | M] () -- C:\Users\charlie\Desktop\.pdf-backofen..pdf [2012.09.28 14:14:15 | 000,205,965 | ---- | M] () -- C:\Users\charlie\Desktop\diy-teppich2.JPG [2012.09.28 14:11:04 | 000,099,971 | ---- | M] () -- C:\Users\charlie\Desktop\nudeln..jpg [2012.09.27 00:24:56 | 000,001,320 | ---- | M] () -- C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.09.26 16:42:18 | 000,316,513 | ---- | M] () -- C:\Users\charlie\Desktop\nächstenliebe..jpg [2012.09.26 16:21:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcharlie.job [2012.09.25 14:48:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.23 11:51:37 | 000,001,066 | ---- | M] () -- C:\Users\charlie\Desktop\Glary Utilities.lnk [2012.09.21 08:58:43 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.09.20 21:53:27 | 000,001,398 | ---- | M] () -- C:\Users\charlie\Desktop\Free YouTube to MP3 Converter.lnk [2012.09.17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2012.09.17 17:19:07 | 000,183,548 | ---- | M] () -- C:\Users\charlie\Desktop\skype.vorteilhaft2.jpg [2012.09.17 10:38:08 | 000,187,683 | ---- | M] () -- C:\Users\charlie\Desktop\skype. vorteilhaft1.jpg [2012.09.16 08:33:52 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.09.16 00:08:45 | 003,113,312 | ---- | M] (Piriform Ltd) -- C:\Users\charlie\Desktop\CCleaner.exe [2012.09.15 15:35:56 | 008,836,254 | ---- | M] () -- C:\Users\charlie\Desktop\12 Multiplication.mp3 [2012.09.14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012.09.12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012.09.12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012.09.12 08:00:19 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2012.10.02 20:30:12 | 000,000,188 | ---- | C] () -- C:\Users\charlie\defogger_reenable [2012.10.02 20:29:55 | 000,050,477 | ---- | C] () -- C:\Users\charlie\Desktop\Defogger.exe [2012.10.02 09:35:17 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.02 09:35:17 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.29 13:52:33 | 000,343,649 | ---- | C] () -- C:\Users\charlie\Desktop\bienchen..jpg [2012.09.28 20:09:46 | 000,551,853 | ---- | C] () -- C:\Users\charlie\Desktop\sneak-hausaufgabe..jpg [2012.09.28 17:57:55 | 003,650,910 | ---- | C] () -- C:\Users\charlie\Desktop\.pdf-backofen..pdf [2012.09.28 14:14:15 | 000,205,965 | ---- | C] () -- C:\Users\charlie\Desktop\diy-teppich2.JPG [2012.09.28 14:11:04 | 000,099,971 | ---- | C] () -- C:\Users\charlie\Desktop\nudeln..jpg [2012.09.27 00:24:52 | 000,001,320 | ---- | C] () -- C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.09.26 16:42:17 | 000,316,513 | ---- | C] () -- C:\Users\charlie\Desktop\nächstenliebe..jpg [2012.09.25 14:48:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.23 11:51:39 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job [2012.09.23 11:51:37 | 000,001,066 | ---- | C] () -- C:\Users\charlie\Desktop\Glary Utilities.lnk [2012.09.17 17:19:06 | 000,183,548 | ---- | C] () -- C:\Users\charlie\Desktop\skype.vorteilhaft2.jpg [2012.09.17 10:38:08 | 000,187,683 | ---- | C] () -- C:\Users\charlie\Desktop\skype. vorteilhaft1.jpg [2012.09.16 08:33:57 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.09.15 15:14:42 | 008,836,254 | ---- | C] () -- C:\Users\charlie\Desktop\12 Multiplication.mp3 [2012.09.12 08:00:19 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.12 19:42:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.03.13 18:36:57 | 000,010,639 | ---- | C] () -- C:\Users\charlie\chaseba_elster_2048.pfx [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.10.18 14:03:40 | 000,000,836 | ---- | C] () -- C:\Users\charlie\.recently-used.xbel [2011.01.04 21:18:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.12 03:47:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.10.12 03:45:20 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.10.12 03:35:54 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010.10.12 03:35:54 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010.10.12 03:33:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.15 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\.minecraft [2012.08.27 18:05:36 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Artweaver Free [2012.09.16 08:34:42 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\AVG2013 [2012.10.02 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\BrowserCompanion [2011.09.09 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\DAEMON Tools Lite [2012.08.20 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\DesktopIconForAmazon [2012.09.20 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\DVDVideoSoft [2012.08.15 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.05 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Foxit Software [2012.09.23 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\GlarySoft [2011.10.18 14:00:46 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\gtk-2.0 [2012.09.21 08:56:35 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Opera [2011.10.24 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Panda Security [2012.07.25 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\PhotoScape [2012.08.05 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Pixlromatic [2012.03.20 22:36:46 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\SharePod [2012.05.14 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\Systweak [2011.05.29 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\TS3Client [2012.08.30 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\TuneUp Software [2012.09.23 11:47:42 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\uTorrent [2010.12.25 13:05:32 | 000,000,000 | ---D | M] -- C:\Users\charlie\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C59E90A4 < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.10.2012 20:34:35 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\charlie\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 55,64% Memory free 7,60 Gb Paging File | 5,59 Gb Available in Paging File | 73,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449,65 Gb Total Space | 369,18 Gb Free Space | 82,10% Space Free | Partition Type: NTFS Drive D: | 15,82 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS Computer Name: CHARLIE-HP | User Name: charlie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\charlie\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BB4206D-67AB-4FD4-B66B-977F524652FF}" = lport=2869 | protocol=6 | dir=in | app=system | "{0BBD9447-4076-45F3-A3B8-B7F1349A4B21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1735CA27-25D7-429C-832B-07B6120FB98D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1B15B120-4A14-4614-B17E-54C425B73F87}" = lport=445 | protocol=6 | dir=in | app=system | "{1EF4CF5D-5F75-487E-A38B-AC92CF9E7984}" = lport=139 | protocol=6 | dir=in | app=system | "{1FC162E8-81FA-4A6C-ABCC-C51B5871AF75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{35003A85-D115-4910-AA72-D25C5CCA34E8}" = rport=139 | protocol=6 | dir=out | app=system | "{4B266916-6AAD-4FC9-9D44-8A829991374E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5ED1A752-F484-4FED-B910-25726A34FF6D}" = lport=10243 | protocol=6 | dir=in | app=system | "{5F8C155C-7E07-4290-BB0A-E2423429CD3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60C25EAA-D746-43D0-8261-853064847BEC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{60D37F5A-FDF6-4BF4-8095-8CDDC3EDC96A}" = rport=10243 | protocol=6 | dir=out | app=system | "{60D6E4C9-D63B-4C40-9269-189D5DCE6321}" = lport=2869 | protocol=6 | dir=in | app=system | "{6A8C86AA-7784-49C0-8354-E4F1040EDD38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F923D5B-0756-4DFE-A305-90F5EFC2F0AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9B931F42-F5EE-4C93-842E-AFE228E5F864}" = rport=445 | protocol=6 | dir=out | app=system | "{9CB7199B-26B1-454C-9E1D-FB3139A59FFF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9D187B49-A0A8-45B7-ACD7-384254DA31AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EA2066F-E4A2-43C8-AD02-2E39901F24A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A2973C98-FCBE-4D4C-93FF-E9BC69BB1C0E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A630533D-922B-4FDA-92B2-3032517E8C9D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{AC6DBB83-FE25-4631-BB13-46E6325CB13F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AEC146C4-8AE8-49B3-9CF8-4C8BDE0BAEB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF98D498-CB86-4D41-91BF-2E0A82D736C8}" = lport=138 | protocol=17 | dir=in | app=system | "{B2BE4B59-DFAC-47F0-B4EC-1145E721F444}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4CD24E8-9CA5-41E3-B1C4-B5085F69027E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C7B9CA08-77E6-49D6-9B29-0229513E2ACB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C7F11DE6-169C-462B-9230-0A835472F007}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CEC53AA2-F9EA-46B8-B96D-09E92E8FDCB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ECBBEB14-FBBF-4B55-88B5-2B0BFCB5AFB9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDE3BAF2-F128-463D-9CC4-DDEDBAC554E7}" = rport=137 | protocol=17 | dir=out | app=system | "{EFA0BBD3-80DF-4DDA-BB13-5F0475FE2178}" = lport=137 | protocol=17 | dir=in | app=system | "{F36C2E2B-4F5C-4851-BD6E-953D6191860C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F1884BD-B6D3-4BBA-822F-A8F8F9D672C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{13043796-B49F-46D1-A42A-F3EA1DD7E6AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{166CF9D2-A23B-4EEE-8B28-F711912B5E7F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{1A9066DA-3F2E-419C-9629-E60F5FDDE95E}" = protocol=6 | dir=out | app=system | "{1CC77F00-868F-419A-ABF1-C25AA61F5DFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1DC85667-2913-42EF-AEC7-8ED03441EB81}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{1F54FA35-4500-42BB-8C8B-8438DB82EF84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{2834B1FD-9E14-438A-8874-67A7A6FC5550}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{346D96C5-74BF-41DD-9C4C-D085B49F2965}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{37148C10-378C-4D71-9874-E3A380595901}" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\imbooster\imbooster.exe | "{3F8980AE-6F75-4C1F-A6D0-17D7E0895B5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{40EC9991-C978-4327-9043-4A8DDA45B461}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{485EC3B4-B2F3-4523-9489-1A4A184AAC03}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4B7ECB0B-ABF9-4B6D-88A7-8ECA3A641478}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4CADC641-F727-4583-9671-41953A4B8DC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{518F9A2A-4B3B-40B7-8ADD-47F3075CBAFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5993BC4B-7F34-4DCC-935B-50FA63C9B910}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5ABD4CFA-55DC-49AC-924F-1A80A40DC60B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62AA3045-5437-4ECF-8C9B-F514C5234F4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C00661D-BE89-41DE-BE1B-A3D756ADCC6E}" = protocol=6 | dir=out | app=c:\program files (x86)\iminent\mmserver\iminent.mmserver.exe | "{6C92173A-EC8F-4E3E-91D4-2F8B95D14288}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{6CD797ED-E4BC-4A5F-A268-236EA8F41BFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6DB0D356-EE92-40DD-95A3-B06B673387C3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{71A78FDF-7253-440B-B8E3-C5909CDCFD91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{71B15A09-93CC-465A-9FBE-52B5A0333201}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{753F9A38-6938-4B25-AE20-E8D720293EF3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{78DE5853-C3E7-4B9F-ACB4-7C06C02F5929}" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\mmserver\iminent.mmserver.exe | "{863AA248-E03E-4AB2-B8A5-17CC5AA18718}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8C072831-DBBA-4CE0-A339-8B0E080A692E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{930CCA52-8601-4CC5-B1D4-CB1B64651AE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{9811C47E-18C8-4333-944D-D53D5E138FB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{984F5B7A-65EC-4739-8177-460EACD23F8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9C19384B-F398-4306-92A6-684A1E80D09A}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | "{A2902A6C-BCFC-4C37-AC97-DA5684E1FAEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{BBA82DD0-6FDC-4D7A-BBB1-9C59847BA560}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BFC3BD0F-36C6-4402-9069-F675EF7F64FA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{C3826F07-2A98-4D33-8426-FC7980EB27E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{C7B551A3-8E18-4572-82A5-9A20CEEDB8D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CFBA7366-2C82-4BE3-8272-33356E93847E}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{DA4AB927-148A-406E-A1AE-ED68C0A5F5B5}" = protocol=6 | dir=out | app=c:\program files (x86)\iminent\imbooster\imbooster.exe | "{DABEEFC9-F259-47FE-90CA-A8A26B936FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DC0E1172-7567-4C15-A34D-291E65E444C0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{DE13DC1E-C3DC-4A18-96A0-8613A2E1BBA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{E0EEEB4E-86AA-4626-8B8F-5AD23CF10CB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2B9734D-D0D2-464E-9FC3-4F7D63C5A390}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{E2FEAEE9-2EB3-475E-99B1-61CD4E5A1682}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7680AE4-987B-4412-BD85-301DAB873F94}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | "{EC785287-8805-4740-8A42-F212BE9E0CF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2954DB-8216-4E9C-AD1B-6F78A46B21B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F8FA59CB-3DF9-4EE0-BBEF-EABD5E34CB33}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FF35CDA2-1CAD-4133-811E-6FF538B96EDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}" = ATI Catalyst Install Manager "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825ECBB1-2BCD-4BA5-BB46-63DB8D9ABF45}" = AVG 2013 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant "{E79A9906-B06E-4937-8B85-88F1E41A2C0C}" = AVG 2013 "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard "{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech "{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish "{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU) "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish "{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static "{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch "{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish "{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese "{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish "{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF2D5B54-36DE-471E-B9C8-58E4B2B951C6}" = Iminent "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All "{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation "{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese "{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista "{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE363238-928A-113D-0318-4F7CEBB88715}" = Catalyst Control Center InstallProxy "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "DivX Setup" = DivX-Setup "EADM" = EA Download Manager "EasyBits Magic Desktop" = Magic Desktop "Foxit Creator" = Foxit Creator "Foxit Reader" = Foxit Reader "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Glary Utilities_is1" = Glary Utilities 2.49.0.1600 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "My HP Game Console" = HP Game Console "Pixlromatic" = Pixlr-o-matic "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.2 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.06.2012 11:14:03 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4102 Error - 16.06.2012 11:14:03 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4102 Error - 16.06.2012 11:14:04 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.06.2012 11:14:04 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5116 Error - 16.06.2012 11:14:04 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5116 Error - 16.06.2012 11:14:05 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.06.2012 11:14:05 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6240 Error - 16.06.2012 11:14:05 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6240 Error - 16.06.2012 11:14:06 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.06.2012 11:14:06 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7238 Error - 16.06.2012 11:14:06 | Computer Name = charlie-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7238 Error - 16.06.2012 15:07:40 | Computer Name = charlie-HP | Source = Application Hang | ID = 1002 Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.11.24.608 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 60c Startzeit: 01cd4bf2fcec912f Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Berichts-ID: 8614f03b-b7e6-11e1-9a8d-b7db73ee4e88 Error - 17.06.2012 03:44:19 | Computer Name = charlie-HP | Source = Application Error | ID = 1000 Error - 17.06.2012 16:18:31 | Computer Name = charlie-HP | Source = Application Error | ID = 1000 [ HP Software Framework Events ] Error - 23.04.2012 10:06:09 | Computer Name = charlie-HP | Source = CaslWmi | ID = 5 Description = 2012.04.23 16:06:09.607|000010D0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 14.05.2012 03:51:48 | Computer Name = charlie-HP | Source = CaslWmi | ID = 5 Description = 2012.05.14 09:51:48.493|00001180|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 28.05.2012 04:08:04 | Computer Name = charlie-HP | Source = CaslWmi | ID = 5 Description = 2012.05.28 10:08:04.929|00001B34|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ HP Wireless Assistant Events ] Error - 24.12.2010 15:44:43 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:45:48 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:46:53 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:47:58 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:49:03 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:50:09 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:51:14 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:52:19 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:53:24 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.12.2010 15:54:29 | Computer Name = charlie-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() [ System Events ] Error - 02.10.2012 02:33:22 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 02:37:48 | Computer Name = charlie-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727) Error - 02.10.2012 03:46:08 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 03:47:21 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 03:47:32 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 07:47:22 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 14:07:35 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 14:30:28 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 14:31:31 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 02.10.2012 14:31:45 | Computer Name = charlie-HP | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report > |
Themen zu IncrediBar Befall |
adobe, application/pdf:, autorun, avg, avg secure search, bho, bonjour, browser.exe, chip.de, converter, error, excel, explorer, firefox, flash player, flashlight, format, google, helper, home, hängt, igdpmd64.sys, iminent, install.exe, launch, mozilla, mp3, plug-in, realtek, registry, rundll, secure search, software, suchmaschine, symantec, temp, usb 2.0, visual studio, vtoolbarupdater |