|
Log-Analyse und Auswertung: Prüfen ob alles in Ordnung - Teil 2 Brief von der TelekomWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.10.2012, 17:43 | #1 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Hallo ihr, mein Ausgangsproblem habe ich bereits in dem Thread hier: http://www.trojaner-board.de/125032-...-ulpm-gen.html erläutert. Kurz gefasst: Die Telekom - mein provider - schickt mir einen Brief, dass über unsere IP Adresse ein Hackingangriff gestartet wurde. Im Endeffekt haben die mir jetzt den Port 25 gesperrt, ich kann u.a. also keine Mails mehr via Outlook senden. Da wir 3 PCS haben und von denen zu den besagten Zeitpunkten 2 am Netz waren, bitte ich euch mal über die folgenden Logs des "PC2" drüberzuschauen ob hier alles in Ordnung ist. Ich verdächtige zwar den PC1, um den es in oben genanntem Thread geht, aber man kann sich ja nie sicher sein... Die telekom teilt mir ja nur die IP Adresse mit und für mich ist nicht ersichtlich welcher Rechner letztlich dahinter steckt. Hier die Logs von PC2: Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.21.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Thomas :: THOMAS-LAPTOP [Administrator] 21.10.2012 18:31:50 mbam-log-2012-10-21 (18-31-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199439 Laufzeit: 6 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-21 17:31:52 Windows 6.1.7600 Running: opppn0d6.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 9840 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter OTL logfile created on: 21.10.2012 16:23:45 - Run 3 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 42,78% Memory free 3,49 Gb Paging File | 1,72 Gb Available in Paging File | 49,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 142,80 Gb Free Space | 61,32% Space Free | Partition Type: NTFS Drive E: | 3,90 Gb Total Space | 3,40 Gb Free Space | 87,22% Space Free | Partition Type: FAT32 Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.08.29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.04 01:29:06 | 000,165,088 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe PRC - [2010.10.11 12:07:02 | 002,271,600 | ---- | M] (creativbox.net, Torsten Leithold & Georg von Kries GbR) -- C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 17:21:57 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.15 17:20:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.15 17:20:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.09 17:26:08 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\cd8ad97063680071342f13d12376fd17\System.Net.ni.dll MOD - [2012.05.09 17:15:44 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll MOD - [2012.05.09 17:15:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll MOD - [2012.05.09 17:15:32 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll MOD - [2012.05.09 16:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 16:59:13 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012.05.09 16:59:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012.05.09 16:59:09 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.09 16:57:30 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll MOD - [2012.05.09 16:57:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 16:57:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 16:57:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 16:57:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.04 01:29:04 | 001,850,880 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll MOD - [2009.07.14 19:58:14 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.09.29 22:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.14 18:38:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 20:17:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.08.30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.05.02 19:37:01 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 22:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.05.14 18:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 18:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.08.30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.12.12 16:11:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb139?a=6PQASKsh3i&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 6C C2 1B 76 2B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQASKsh3i&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://forum.gamersvillage.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.21 22:51:53 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.10.02 16:54:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.21 22:51:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.10.02 16:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] [2011.05.02 20:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.10.20 15:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions [2011.12.25 23:06:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.20 15:04:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.18 23:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions [2011.05.12 21:33:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.18 23:00:15 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\ffxtlbr@incredibar.com [2012.07.25 22:57:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\elhy5yky.Thomas\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.24 22:50:17 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011.05.27 16:49:09 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\searchplugins\youtube-videosuche.xml [2012.10.14 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.14 18:38:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.10 17:45:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.13 18:58:48 | 002,418,176 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll [2012.06.23 15:04:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 17:46:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 15:04:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 15:04:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 15:04:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 15:04:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKCU..\Run: [SimpleSYN.NET] C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk = C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18142464-BC57-41A3-B2F8-11930A39B49D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 17:11:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\OTLPE [2012.10.16 17:03:38 | 000,000,000 | ---D | C] -- C:\eeepcfr [2012.10.16 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.16 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.16 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aaaaaaaaaaaa [2012.10.14 18:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.14 11:09:13 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Google Drive [2012.10.14 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.10.14 10:25:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\handy [2012.10.10 14:57:08 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:57:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:57:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:56:27 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:56:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:56:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:56:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:56:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:56:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:56:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:56:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:56:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:56:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:56:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:55:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:54:58 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:54:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.02 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Bewerbung [2012.10.02 16:58:04 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys [2012.10.02 16:58:02 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2012.10.02 16:57:55 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.10.02 16:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2012.10.02 16:55:31 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\ForceField Shared Files [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\CheckPoint [2012.10.02 16:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.10.02 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.10.02 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.02 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.02 16:33:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.02 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.02 16:16:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\logs [2012.10.02 15:31:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2012.10.02 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.10.02 14:28:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2012.09.23 18:12:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 18:12:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 18:12:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 18:12:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 18:12:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 18:12:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 18:12:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 18:12:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 18:12:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 18:11:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 18:11:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 18:11:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 18:11:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 18:11:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.23 18:11:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.21 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\9928921 [2012.09.21 22:52:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\5565982_Nearest50km(2) [2012.09.21 22:52:00 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2012.09.21 22:52:00 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2012.09.21 22:52:00 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012.09.21 22:52:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2012.09.21 22:52:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC [2011.05.14 09:23:01 | 005,816,688 | ---- | C] (creativbox.net - Internet Lösungen) -- C:\Users\Thomas\SimpleSYN_21_de_DE_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.21 16:18:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.21 15:31:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.21 14:31:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.21 13:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.21 12:59:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 12:59:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 12:53:30 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2012.10.20 14:04:17 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.20 14:04:17 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.20 14:04:17 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.20 14:04:17 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.20 14:04:17 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.19 17:05:50 | 000,294,921 | ---- | M] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:21:41 | 000,515,892 | ---- | M] () -- C:\eeepcfr.zip [2012.10.15 18:16:49 | 000,180,104 | ---- | M] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.09 20:17:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 20:17:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.02 17:04:14 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:33:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | M] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:31:21 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.10.02 14:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2012.09.25 13:40:50 | 000,352,514 | ---- | M] () -- C:\Users\Thomas\Desktop\scan038.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.19 17:05:46 | 000,294,921 | ---- | C] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:25:28 | 000,515,892 | ---- | C] () -- C:\eeepcfr.zip [2012.10.15 18:16:34 | 000,180,104 | ---- | C] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.02 16:58:11 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:33:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | C] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:14 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.09.25 13:43:29 | 000,352,514 | ---- | C] () -- C:\Users\Thomas\Desktop\scan038.pdf [2012.09.21 22:52:00 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2012.09.17 16:42:58 | 000,002,839 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2012.04.19 20:56:30 | 007,215,042 | ---- | C] () -- C:\Users\Thomas\Peter Lustig Das Loblied der Latzhose.wma [2011.12.04 12:28:52 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll [2011.09.30 22:21:46 | 000,074,334 | ---- | C] () -- C:\Users\Thomas\me2.jpg [2011.08.15 18:30:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.08.15 18:30:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.11 21:32:00 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.06 17:23:45 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.05.22 13:12:41 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.21 16:10:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2011.05.21 16:10:16 | 000,002,333 | ---- | C] () -- C:\Windows\unins000.dat [2011.05.14 09:26:30 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.02 21:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.10.2012 16:23:45 - Run 3 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 42,78% Memory free 3,49 Gb Paging File | 1,72 Gb Available in Paging File | 49,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 142,80 Gb Free Space | 61,32% Space Free | Partition Type: NTFS Drive E: | 3,90 Gb Total Space | 3,40 Gb Free Space | 87,22% Space Free | Partition Type: FAT32 Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009F1993-D895-42EC-AE94-1438A33AB613}" = lport=139 | protocol=6 | dir=in | app=system | "{01950809-75A8-456A-BD5D-6D9F96C8CFCD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{03CF7DC7-3BB8-4354-8F36-5E52A337DB4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{152AF3D2-15E0-4A45-B3E9-70849B82DC2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18C45366-81AB-4FBA-A63F-73A44520EDA1}" = lport=445 | protocol=6 | dir=in | app=system | "{203410EF-3D58-412A-AACC-AB832C637293}" = rport=138 | protocol=17 | dir=out | app=system | "{2EFF417C-0944-4AF6-88EE-68C631013DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C16B16F-E8D1-4F40-B21B-C130FBAEF900}" = rport=139 | protocol=6 | dir=out | app=system | "{53469E56-6A28-4D85-BA3C-E7482D2E045E}" = lport=137 | protocol=17 | dir=in | app=system | "{5D2A7D8D-44D4-4CD9-92F1-3774B6364284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D78AD86-60C9-4DB2-B7C9-061A3980B002}" = rport=137 | protocol=17 | dir=out | app=system | "{5E9D1BA1-EE52-495C-8CB0-A20FFB2C0B46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{660CBF9F-D873-4AAB-87D6-2BB4DF748F3E}" = lport=138 | protocol=17 | dir=in | app=system | "{7753DCC0-9F0C-4306-BFDE-44A55B4C1468}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CF15ED0-1491-4433-B12E-7A8417A18B64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{853EF285-EB9E-4B53-BCA9-A859725A2F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9112B149-2A87-4D63-AD92-75D137CEC526}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95F2B770-E1C2-4C00-B44D-1B499427A558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A195CEC6-52D9-4368-A835-D9F74BFE358C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B34C9AB4-F4B5-4CC3-8796-5A2BCF879BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0CCE71E-AC5B-4CA5-8F8A-361385E40FB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4586BD9-F26A-4B2C-96B1-01BF0CBCE261}" = rport=445 | protocol=6 | dir=out | app=system | "{C85F5EE1-DDE7-43D3-99A4-A26C9F19072F}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE666F4A-0E85-4A74-8807-D5E23788A9A9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D8611E18-0011-42DC-B01D-7489FCD4BFDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0C6EEEB-0D13-451B-BA3D-B6BA2192CF72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F66806CC-7D81-4D32-BD50-A239F76F3C62}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F7E92274-6EEA-418F-B860-24CB2B56C488}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD4E9F9C-A811-4B31-97C8-C1EEEC980BEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF1930A5-46B9-41DC-B5CF-541C690A1774}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090A505C-1DC1-4080-A737-46B0AFA0E332}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{0959AB51-30D3-4C7C-A96A-363A5A4A595A}" = protocol=6 | dir=out | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{102AC434-CA28-49A3-9D4C-8EE5BC6B55B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11DFB0D3-CF2A-4E7B-9775-1CD1ACF5CF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{16D952BC-6287-4CE5-A033-74B9A42D3CE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A160A7F-BDC5-4D3A-A848-DE540EB5A396}" = protocol=6 | dir=out | app=system | "{1CF9584E-D25A-4644-9867-375EE9707069}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2BA62F6F-009C-4FD7-8027-97AC6250DBD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2D2761D1-02DA-4C3A-B1AF-C63ADF776112}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{35246083-F4C2-4228-858E-896F95B1DE8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{370E117D-03D1-4241-9967-B710B934E760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39533DAB-B314-49DB-96E7-A1A0B6BC9B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42D83C5A-13B2-43FF-8A3B-CAD62BC700A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43314D40-461A-44FA-8E2A-F9238B8C7816}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4E1F1F1B-51D8-4555-AF55-C49A14ADA8FF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{500074CD-FD47-4090-B8E8-EB6C4D750C12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{513878AC-BBAB-4FE2-8312-BEDCC5E44694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57207465-3D2B-442C-818C-AAECAD3FB513}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59CEDD5F-5803-4EF8-9C3F-D8E00FF78834}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6937002E-EAD1-46EE-99B2-08262C11B563}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{7AE0510D-AFFD-43A5-A4AA-49062E1815C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7B7A981E-4AF3-4518-A645-CBDD27F5AFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7D06ED00-5C36-4912-8FC9-0C04CD212E71}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{7FF63159-6E44-4001-9465-475A0884779F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9052315F-5B7A-4C22-8E82-42666098558A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{93A6ACC7-4F63-40BE-A12A-8A71EEED6317}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{AAB1EACE-DA4D-4771-A074-53E2B6A56F22}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BED41730-D5C6-4FE9-A010-181F2780E613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0763321-0DFA-44C0-A3E1-61D10B3C0DEE}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{CB82AD16-C6DC-40CD-8D47-6F1C904E4DF3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{D53F1DD9-20E4-4551-8DB7-8775FD566F8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9792390-47C3-4B8A-8497-499193E5DBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{DB22D2C4-58AD-482D-B418-531FFD905F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEE91FD1-88A3-4068-B200-3AF18C1D3C12}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E53B5825-4288-4AA1-B834-775EBE5A6363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E7EDD54A-1B7C-4991-9B98-88EF4AD0AED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5C2F14B-5F72-4D3E-831A-27444703F563}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{FA21EA6D-FC24-47D9-A28B-CC236DB497DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5957FF87-49EA-4661-BB20-7316C86F33B1}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "TCP Query User{5BC8D985-4B80-4496-A217-3FD439955D85}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{92926689-3026-43D8-8605-8F57EE21E70A}C:\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "TCP Query User{CC1F267D-8684-4D88-915F-8EB9993448D2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{E33F7FBA-8B73-4B38-A869-E8B4AE171D72}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{00541304-62EC-4DF3-A47E-E6C9865EB5AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4A761A5C-4349-4C1E-8FBB-030B14DF6EDF}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AC0960DE-FADA-4CE6-B07A-E4A1BFA5E915}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "UDP Query User{C92B1C47-8E62-42CC-BF7E-34A142087E9B}C:\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "UDP Query User{D21CC1F6-B4B6-4AF1-BCB9-7D525D224A29}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager "{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "BatteryBar" = BatteryBar (remove only) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon SELPHY CP760" = Canon SELPHY CP760 "CCleaner" = CCleaner "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common "{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French "{4762820B-BFD0-420E-BC8F-31BEE01DC30C}" = Google Drive "{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition "{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian "{559788C7-8375-4B5E-B7BA-B5DBBD84DBB3}" = ZoneAlarm Antivirus "{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A271321-D7E2-46FE-9BF6-2CFD47556FB8}" = ZoneAlarm Firewall "{6A6F0F1E-39F8-469E-A82B-C0BD5B3E77B0}" = gSyncit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7016BF44-E81D-4F10-B59C-4C9DCC43EC8C}" = SimpleSYN 2.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian "{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0 "{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All "{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish "{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6BC900A-520A-4D95-A23F-4ED82A930609}" = ZoneAlarm Security "{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech "{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 1.2.6 "CamStudio" = CamStudio "CloneDVD2" = CloneDVD2 "ElsterFormular 13.1.1.8479k" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.7.1 "Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.752 "Fotosizer" = Fotosizer 1.32 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "GSAK_is1" = GSAK 8.0.0.133 (Final) "incredibar" = Incredibar Toolbar on IE "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "Pidgin" = Pidgin "PokerStars" = PokerStars "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "STRATO HiDrive" = STRATO HiDrive (remove only) "Synthesia" = Synthesia (remove only) "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "USB Audio_is1" = Ver 1.2.0 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Yahoo! Messenger" = Yahoo! Messenger "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.03.2012 05:46:31 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 61c Startzeit: 01cd0a5b171ebbcb Endzeit: 147 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 637fe81b-765f-11e1-8dff-78acc0418e0f Error - 25.03.2012 16:20:40 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000a88d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0x01cd0a5ae78ff7f8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fd5ad5f1-76b7-11e1-8dff-78acc0418e0f Error - 03.04.2012 12:36:50 | Computer Name = Thomas-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_formatwandler-4.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 10.04.2012 16:53:05 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit: 01cd175bc24d1b60 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 2868cc0b-834f-11e1-8db7-78acc0418e0f Error - 16.04.2012 12:50:26 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f4 Startzeit: 01cd1bf0eae2bd61 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 40fa25cd-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:50:46 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01cd1bf107d277b0 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 4e2260ed-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:51:15 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cd1bf1144a8cfc Endzeit: 141 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 5a9a763a-87e4-11e1-8c5c-78acc0418e0f Error - 03.05.2012 09:44:55 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01cd293288b57e70 Endzeit: 387 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 090750ab-9526-11e1-8e1f-78acc0418e0f Error - 16.06.2012 08:36:31 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.10.7.804, Zeitstempel: 0x4e402c1e Name des fehlerhaften Moduls: VideoFileToIPOD.dll, Version: 1.7.20.808, Zeitstempel: 0x4e452895 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000131d2 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cd4bb611bd21c7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll Berichtskennung: e5a21663-b7af-11e1-b050-78acc0418e0f Error - 23.06.2012 04:18:01 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error - 04.07.2012 16:37:26 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. Error - 16.07.2012 04:18:04 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen [ Media Center Events ] Error - 30.06.2012 03:44:09 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:09 - Fehler beim Herstellen der Internetverbindung. 09:44:09 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 03:44:20 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:14 - Fehler beim Herstellen der Internetverbindung. 09:44:14 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:28 - Fehler beim Herstellen der Internetverbindung. 10:44:28 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:38 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:33 - Fehler beim Herstellen der Internetverbindung. 10:44:33 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:17 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:17 - Fehler beim Herstellen der Internetverbindung. 16:30:17 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:22 - Fehler beim Herstellen der Internetverbindung. 16:30:22 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:34 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:34 - Fehler beim Herstellen der Internetverbindung. 17:30:34 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:46 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:39 - Fehler beim Herstellen der Internetverbindung. 17:30:39 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:30:51 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:51 - Fehler beim Herstellen der Internetverbindung. 18:30:51 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:31:02 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:56 - Fehler beim Herstellen der Internetverbindung. 18:30:56 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 25.08.2011 09:40:22 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 202 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 19.10.2012 13:03:06 | Computer Name = Thomas-Laptop | Source = BROWSER | ID = 8032 Description = Error - 20.10.2012 04:36:11 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.10.2012 04:38:06 | Computer Name = Thomas-Laptop | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.10.2012 18:32:12 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 21.10.2012 06:53:51 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 21.10.2012 06:55:18 | Computer Name = Thomas-Laptop | Source = WMPNetworkSvc | ID = 866300 Description = Error - 21.10.2012 06:57:11 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error - 21.10.2012 06:57:58 | Computer Name = Thomas-Laptop | Source = DCOM | ID = 10010 Description = Error - 21.10.2012 06:58:29 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error - 21.10.2012 06:58:46 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet. < End of report > |
21.10.2012, 18:45 | #2 |
/// the machine /// TB-Ausbilder | Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Jetzt warten wir erstmal, denn Rechner is ist nämlich die Ursache
__________________
__________________ |
24.10.2012, 19:16 | #3 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Wie bepsorchen hier die neusten OTL logs zwecks check
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.10.2012 20:01:28 - Run 5 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 40,75% Memory free 3,49 Gb Paging File | 1,73 Gb Available in Paging File | 49,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,62 Gb Free Space | 62,53% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.08.29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.04 01:29:06 | 000,165,088 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2010.10.11 12:07:02 | 002,271,600 | ---- | M] (creativbox.net, Torsten Leithold & Georg von Kries GbR) -- C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe ========== Modules (No Company Name) ========== MOD - [2012.06.16 18:02:48 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\b345f2895557e6ef39b94aebdeb4a57e\System.WorkflowServices.ni.dll MOD - [2012.06.15 17:21:57 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.15 17:20:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.15 17:20:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.09 17:26:08 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\cd8ad97063680071342f13d12376fd17\System.Net.ni.dll MOD - [2012.05.09 17:25:18 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b744ac6047519b7b186db4d77a78ca0c\System.ServiceModel.Web.ni.dll MOD - [2012.05.09 17:15:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f93d41cf41160cc660aea5eb8be181d6\System.IdentityModel.Selectors.ni.dll MOD - [2012.05.09 17:15:44 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll MOD - [2012.05.09 17:15:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll MOD - [2012.05.09 17:15:36 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26a852935ab27c328a148effb43a76bf\SMDiagnostics.ni.dll MOD - [2012.05.09 17:15:32 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll MOD - [2012.05.09 16:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 16:59:13 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012.05.09 16:59:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012.05.09 16:59:09 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.09 16:57:30 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll MOD - [2012.05.09 16:57:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 16:57:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 16:57:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 16:57:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.04 01:29:04 | 001,850,880 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll MOD - [2009.07.14 19:58:23 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2009.07.14 19:58:23 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2009.07.14 19:58:15 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2009.07.14 19:58:14 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.09.29 22:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.14 18:38:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 20:17:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.08.30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.05.02 19:37:01 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 22:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.05.14 18:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 18:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.08.30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.12.12 16:11:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb139?a=6PQASKsh3i&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 6C C2 1B 76 2B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQASKsh3i&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://forum.gamersvillage.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.21 22:51:53 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.10.02 16:54:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.21 22:51:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.10.02 16:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] [2011.05.02 20:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.10.23 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions [2011.12.25 23:06:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.20 15:04:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.18 23:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions [2011.05.12 21:33:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.18 23:00:15 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\ffxtlbr@incredibar.com [2012.07.25 22:57:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\elhy5yky.Thomas\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.24 22:50:17 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011.05.27 16:49:09 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\searchplugins\youtube-videosuche.xml [2012.10.14 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.14 18:38:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.10 17:45:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.13 18:58:48 | 002,418,176 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll [2012.06.23 15:04:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 17:46:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 15:04:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 15:04:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 15:04:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 15:04:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKCU..\Run: [SimpleSYN.NET] C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk = C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18142464-BC57-41A3-B2F8-11930A39B49D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 17:11:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\OTLPE [2012.10.16 17:03:38 | 000,000,000 | ---D | C] -- C:\eeepcfr [2012.10.16 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.16 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.16 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aaaaaaaaaaaa [2012.10.14 18:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.14 11:09:13 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Google Drive [2012.10.14 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.10.14 10:25:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\handy [2012.10.10 14:57:08 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:57:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:57:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:56:27 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:56:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:56:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:56:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:56:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:56:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:56:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:56:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:56:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:56:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:56:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:55:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:54:58 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:54:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.02 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Bewerbung [2012.10.02 16:58:04 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys [2012.10.02 16:58:02 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2012.10.02 16:57:55 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.10.02 16:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2012.10.02 16:55:31 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\ForceField Shared Files [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\CheckPoint [2012.10.02 16:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.10.02 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.10.02 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.02 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.02 16:33:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.02 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.02 16:16:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\logs [2012.10.02 15:31:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2012.10.02 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.10.02 14:28:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2011.05.14 09:23:01 | 005,816,688 | ---- | C] (creativbox.net - Internet Lösungen) -- C:\Users\Thomas\SimpleSYN_21_de_DE_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.24 19:33:57 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.24 19:33:57 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.24 19:33:57 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.24 19:33:57 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.24 19:33:57 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.24 19:31:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.24 19:18:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 16:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.24 14:31:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.24 14:20:41 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 14:20:41 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 14:10:57 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2012.10.21 18:28:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 16:59:01 | 000,302,592 | ---- | M] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:50 | 000,294,921 | ---- | M] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:21:41 | 000,515,892 | ---- | M] () -- C:\eeepcfr.zip [2012.10.15 18:16:49 | 000,180,104 | ---- | M] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.09 20:17:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 20:17:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.02 17:04:14 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | M] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:31:21 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.10.02 14:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.25 13:40:50 | 000,352,514 | ---- | M] () -- C:\Users\Thomas\Desktop\scan038.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.21 16:58:45 | 000,302,592 | ---- | C] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:46 | 000,294,921 | ---- | C] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:25:28 | 000,515,892 | ---- | C] () -- C:\eeepcfr.zip [2012.10.15 18:16:34 | 000,180,104 | ---- | C] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.02 16:58:11 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:33:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | C] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:14 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.09.25 13:43:29 | 000,352,514 | ---- | C] () -- C:\Users\Thomas\Desktop\scan038.pdf [2012.09.17 16:42:58 | 000,002,839 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2012.04.19 20:56:30 | 007,215,042 | ---- | C] () -- C:\Users\Thomas\Peter Lustig Das Loblied der Latzhose.wma [2011.12.04 12:28:52 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll [2011.09.30 22:21:46 | 000,074,334 | ---- | C] () -- C:\Users\Thomas\me2.jpg [2011.08.15 18:30:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.08.15 18:30:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.11 21:32:00 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.06 17:23:45 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.05.22 13:12:41 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.21 16:10:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2011.05.21 16:10:16 | 000,002,333 | ---- | C] () -- C:\Windows\unins000.dat [2011.05.14 09:26:30 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.02 21:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.12 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\.purple [2011.06.11 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BatteryBar [2012.10.02 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint [2012.10.24 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox [2012.10.20 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft [2011.08.26 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.08 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular [2011.12.28 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\EurekaLog [2012.09.27 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FileZilla [2011.09.25 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Garmin [2012.09.21 22:56:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gsak [2012.10.24 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gSyncit [2012.09.08 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0 [2012.05.08 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IrfanView [2012.02.01 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nokia Ovi Suite [2011.05.27 18:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++ [2011.08.15 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PC Suite [2012.07.16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\STRATO [2012.02.01 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Synthesia [2012.02.01 18:53:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.10.2012 20:01:28 - Run 5 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 40,75% Memory free 3,49 Gb Paging File | 1,73 Gb Available in Paging File | 49,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,62 Gb Free Space | 62,53% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009F1993-D895-42EC-AE94-1438A33AB613}" = lport=139 | protocol=6 | dir=in | app=system | "{01950809-75A8-456A-BD5D-6D9F96C8CFCD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{03CF7DC7-3BB8-4354-8F36-5E52A337DB4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{152AF3D2-15E0-4A45-B3E9-70849B82DC2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18C45366-81AB-4FBA-A63F-73A44520EDA1}" = lport=445 | protocol=6 | dir=in | app=system | "{203410EF-3D58-412A-AACC-AB832C637293}" = rport=138 | protocol=17 | dir=out | app=system | "{2EFF417C-0944-4AF6-88EE-68C631013DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C16B16F-E8D1-4F40-B21B-C130FBAEF900}" = rport=139 | protocol=6 | dir=out | app=system | "{53469E56-6A28-4D85-BA3C-E7482D2E045E}" = lport=137 | protocol=17 | dir=in | app=system | "{5D2A7D8D-44D4-4CD9-92F1-3774B6364284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D78AD86-60C9-4DB2-B7C9-061A3980B002}" = rport=137 | protocol=17 | dir=out | app=system | "{5E9D1BA1-EE52-495C-8CB0-A20FFB2C0B46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{660CBF9F-D873-4AAB-87D6-2BB4DF748F3E}" = lport=138 | protocol=17 | dir=in | app=system | "{7753DCC0-9F0C-4306-BFDE-44A55B4C1468}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CF15ED0-1491-4433-B12E-7A8417A18B64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{853EF285-EB9E-4B53-BCA9-A859725A2F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9112B149-2A87-4D63-AD92-75D137CEC526}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95F2B770-E1C2-4C00-B44D-1B499427A558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A195CEC6-52D9-4368-A835-D9F74BFE358C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B34C9AB4-F4B5-4CC3-8796-5A2BCF879BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0CCE71E-AC5B-4CA5-8F8A-361385E40FB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4586BD9-F26A-4B2C-96B1-01BF0CBCE261}" = rport=445 | protocol=6 | dir=out | app=system | "{C85F5EE1-DDE7-43D3-99A4-A26C9F19072F}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE666F4A-0E85-4A74-8807-D5E23788A9A9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D8611E18-0011-42DC-B01D-7489FCD4BFDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0C6EEEB-0D13-451B-BA3D-B6BA2192CF72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F66806CC-7D81-4D32-BD50-A239F76F3C62}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F7E92274-6EEA-418F-B860-24CB2B56C488}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD4E9F9C-A811-4B31-97C8-C1EEEC980BEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF1930A5-46B9-41DC-B5CF-541C690A1774}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090A505C-1DC1-4080-A737-46B0AFA0E332}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{0959AB51-30D3-4C7C-A96A-363A5A4A595A}" = protocol=6 | dir=out | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{102AC434-CA28-49A3-9D4C-8EE5BC6B55B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11DFB0D3-CF2A-4E7B-9775-1CD1ACF5CF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{16D952BC-6287-4CE5-A033-74B9A42D3CE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A160A7F-BDC5-4D3A-A848-DE540EB5A396}" = protocol=6 | dir=out | app=system | "{1CF9584E-D25A-4644-9867-375EE9707069}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2BA62F6F-009C-4FD7-8027-97AC6250DBD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2D2761D1-02DA-4C3A-B1AF-C63ADF776112}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{35246083-F4C2-4228-858E-896F95B1DE8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{370E117D-03D1-4241-9967-B710B934E760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39533DAB-B314-49DB-96E7-A1A0B6BC9B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42D83C5A-13B2-43FF-8A3B-CAD62BC700A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43314D40-461A-44FA-8E2A-F9238B8C7816}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4E1F1F1B-51D8-4555-AF55-C49A14ADA8FF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{500074CD-FD47-4090-B8E8-EB6C4D750C12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{513878AC-BBAB-4FE2-8312-BEDCC5E44694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57207465-3D2B-442C-818C-AAECAD3FB513}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59CEDD5F-5803-4EF8-9C3F-D8E00FF78834}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6937002E-EAD1-46EE-99B2-08262C11B563}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{7AE0510D-AFFD-43A5-A4AA-49062E1815C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7B7A981E-4AF3-4518-A645-CBDD27F5AFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7D06ED00-5C36-4912-8FC9-0C04CD212E71}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{7FF63159-6E44-4001-9465-475A0884779F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9052315F-5B7A-4C22-8E82-42666098558A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{93A6ACC7-4F63-40BE-A12A-8A71EEED6317}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{AAB1EACE-DA4D-4771-A074-53E2B6A56F22}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BED41730-D5C6-4FE9-A010-181F2780E613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0763321-0DFA-44C0-A3E1-61D10B3C0DEE}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{CB82AD16-C6DC-40CD-8D47-6F1C904E4DF3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{D53F1DD9-20E4-4551-8DB7-8775FD566F8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9792390-47C3-4B8A-8497-499193E5DBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{DB22D2C4-58AD-482D-B418-531FFD905F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEE91FD1-88A3-4068-B200-3AF18C1D3C12}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E53B5825-4288-4AA1-B834-775EBE5A6363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E7EDD54A-1B7C-4991-9B98-88EF4AD0AED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5C2F14B-5F72-4D3E-831A-27444703F563}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{FA21EA6D-FC24-47D9-A28B-CC236DB497DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5957FF87-49EA-4661-BB20-7316C86F33B1}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "TCP Query User{5BC8D985-4B80-4496-A217-3FD439955D85}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{92926689-3026-43D8-8605-8F57EE21E70A}C:\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "TCP Query User{CC1F267D-8684-4D88-915F-8EB9993448D2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{E33F7FBA-8B73-4B38-A869-E8B4AE171D72}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{00541304-62EC-4DF3-A47E-E6C9865EB5AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4A761A5C-4349-4C1E-8FBB-030B14DF6EDF}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AC0960DE-FADA-4CE6-B07A-E4A1BFA5E915}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "UDP Query User{C92B1C47-8E62-42CC-BF7E-34A142087E9B}C:\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "UDP Query User{D21CC1F6-B4B6-4AF1-BCB9-7D525D224A29}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager "{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "BatteryBar" = BatteryBar (remove only) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon SELPHY CP760" = Canon SELPHY CP760 "CCleaner" = CCleaner "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common "{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French "{4762820B-BFD0-420E-BC8F-31BEE01DC30C}" = Google Drive "{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition "{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian "{559788C7-8375-4B5E-B7BA-B5DBBD84DBB3}" = ZoneAlarm Antivirus "{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A271321-D7E2-46FE-9BF6-2CFD47556FB8}" = ZoneAlarm Firewall "{6A6F0F1E-39F8-469E-A82B-C0BD5B3E77B0}" = gSyncit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7016BF44-E81D-4F10-B59C-4C9DCC43EC8C}" = SimpleSYN 2.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian "{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0 "{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All "{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish "{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6BC900A-520A-4D95-A23F-4ED82A930609}" = ZoneAlarm Security "{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech "{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 1.2.6 "CamStudio" = CamStudio "CloneDVD2" = CloneDVD2 "ElsterFormular 13.1.1.8479k" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.7.1 "Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.752 "Fotosizer" = Fotosizer 1.32 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "GSAK_is1" = GSAK 8.0.0.133 (Final) "incredibar" = Incredibar Toolbar on IE "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "Pidgin" = Pidgin "PokerStars" = PokerStars "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "STRATO HiDrive" = STRATO HiDrive (remove only) "Synthesia" = Synthesia (remove only) "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "USB Audio_is1" = Ver 1.2.0 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Yahoo! Messenger" = Yahoo! Messenger "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.03.2012 05:46:31 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 61c Startzeit: 01cd0a5b171ebbcb Endzeit: 147 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 637fe81b-765f-11e1-8dff-78acc0418e0f Error - 25.03.2012 16:20:40 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000a88d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0x01cd0a5ae78ff7f8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fd5ad5f1-76b7-11e1-8dff-78acc0418e0f Error - 03.04.2012 12:36:50 | Computer Name = Thomas-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_formatwandler-4.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 10.04.2012 16:53:05 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit: 01cd175bc24d1b60 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 2868cc0b-834f-11e1-8db7-78acc0418e0f Error - 16.04.2012 12:50:26 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f4 Startzeit: 01cd1bf0eae2bd61 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 40fa25cd-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:50:46 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01cd1bf107d277b0 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 4e2260ed-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:51:15 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cd1bf1144a8cfc Endzeit: 141 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 5a9a763a-87e4-11e1-8c5c-78acc0418e0f Error - 03.05.2012 09:44:55 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01cd293288b57e70 Endzeit: 387 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 090750ab-9526-11e1-8e1f-78acc0418e0f Error - 16.06.2012 08:36:31 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.10.7.804, Zeitstempel: 0x4e402c1e Name des fehlerhaften Moduls: VideoFileToIPOD.dll, Version: 1.7.20.808, Zeitstempel: 0x4e452895 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000131d2 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cd4bb611bd21c7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll Berichtskennung: e5a21663-b7af-11e1-b050-78acc0418e0f Error - 23.06.2012 04:18:01 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error - 04.07.2012 16:37:26 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. Error - 16.07.2012 04:18:04 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen [ Media Center Events ] Error - 30.06.2012 03:44:09 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:09 - Fehler beim Herstellen der Internetverbindung. 09:44:09 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 03:44:20 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:14 - Fehler beim Herstellen der Internetverbindung. 09:44:14 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:28 - Fehler beim Herstellen der Internetverbindung. 10:44:28 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:38 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:33 - Fehler beim Herstellen der Internetverbindung. 10:44:33 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:17 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:17 - Fehler beim Herstellen der Internetverbindung. 16:30:17 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:22 - Fehler beim Herstellen der Internetverbindung. 16:30:22 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:34 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:34 - Fehler beim Herstellen der Internetverbindung. 17:30:34 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:46 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:39 - Fehler beim Herstellen der Internetverbindung. 17:30:39 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:30:51 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:51 - Fehler beim Herstellen der Internetverbindung. 18:30:51 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:31:02 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:56 - Fehler beim Herstellen der Internetverbindung. 18:30:56 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 25.08.2011 09:40:22 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 202 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 21.10.2012 06:58:29 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error - 21.10.2012 06:58:46 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet. Error - 22.10.2012 08:35:23 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 22.10.2012 11:31:40 | Computer Name = Thomas-Laptop | Source = bowser | ID = 8003 Description = Error - 22.10.2012 16:10:53 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.10.2012 14:09:15 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.10.2012 15:25:08 | Computer Name = Thomas-Laptop | Source = DCOM | ID = 10010 Description = Error - 24.10.2012 08:11:16 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.10.2012 10:05:14 | Computer Name = Thomas-Laptop | Source = bowser | ID = 8003 Description = Error - 24.10.2012 10:12:22 | Computer Name = Thomas-Laptop | Source = BROWSER | ID = 8032 Description = < End of report > |
24.10.2012, 19:18 | #4 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom sorry - doppelpost war nicht beabsichtigt... mein Firefox hats doppelt abgesendet? |
25.10.2012, 07:05 | #5 |
/// the machine /// TB-Ausbilder | Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Kein Problem Downloade Dir bitte AdwCleaner auf deinen Desktop.
Und ein frisches OTL log bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 16:35 | #6 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom logs siehe anhang |
25.10.2012, 18:41 | #7 |
/// the machine /// TB-Ausbilder | Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Bitte keine Logs anhängen, das macht das Auswerten unmöglich. Bitte poste sie in den Thread.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 18:47 | #8 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom ok. dann muss ich doppelposten.. die logs sind zu lang... AWD R1 Code:
ATTFilter # AdwCleaner v2.005 - Datei am 25/10/2012 um 16:44:12 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (64 bits) # Benutzer : Thomas - THOMAS-LAPTOP # Bootmodus : Normal # Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\elhy5yky.Thomas\searchplugins\MyStart Search.xml Ordner Gefunden : C:\Program Files (x86)\incredibar.com Ordner Gefunden : C:\Program Files\Web Assistant Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\InstallMate Ordner Gefunden : C:\ProgramData\Premium Ordner Gefunden : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\h0q3jeed.default\extensions\ffxtlbr@incredibar.com ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\incredibar.com Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\Software\incredibar.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gefunden : HKLM\Software\Web Assistant Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant Schlüssel Gefunden : HKU\S-1-5-21-3545695792-1815596785-425868187-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKU\S-1-5-21-3545695792-1815596785-425868187-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb139?a=6PQASKsh3i&i=26 -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\h0q3jeed.default\prefs.js [OK] Die Datei ist sauber. Profilname : Thomas [Profil par défaut] Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\elhy5yky.Thomas\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search"); Gefunden : user_pref("extensions.incredibar.admin", false); Gefunden : user_pref("extensions.incredibar.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar.cntry", "DE"); Gefunden : user_pref("extensions.incredibar.dfltLng", ""); Gefunden : user_pref("extensions.incredibar.dfltSrch", false); Gefunden : user_pref("extensions.incredibar.did", "10650"); Gefunden : user_pref("extensions.incredibar.envrmnt", "production"); Gefunden : user_pref("extensions.incredibar.excTlbr", false); Gefunden : user_pref("extensions.incredibar.hdrMd5", "0FE5EE8E697C2F7984B893C8B37AE79E"); Gefunden : user_pref("extensions.incredibar.hmpg", false); Gefunden : user_pref("extensions.incredibar.id", "922fd13e000000000000ac81121ddde2"); Gefunden : user_pref("extensions.incredibar.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar.instlDay", "15509"); Gefunden : user_pref("extensions.incredibar.instlRef", ""); Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true); Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:00:16"); Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Gefunden : user_pref("extensions.incredibar.newTab", false); Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false); Gefunden : user_pref("extensions.incredibar.ppd", "95%5F3"); Gefunden : user_pref("extensions.incredibar.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar.productid", "26"); Gefunden : user_pref("extensions.incredibar.propectorlck", 78680213); Gefunden : user_pref("extensions.incredibar.prtkHmpg", 1); Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar.sg", "none"); Gefunden : user_pref("extensions.incredibar.smplGrp", "none"); Gefunden : user_pref("extensions.incredibar.tlbrId", "base"); Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQASKsh3i&loc=IB_T[...] Gefunden : user_pref("extensions.incredibar.upn2", "6PQASKsh3i"); Gefunden : user_pref("extensions.incredibar.upn2n", "92543083588037968"); Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:00:16"); Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar_i.dfltLng", ""); Gefunden : user_pref("extensions.incredibar_i.did", "10650"); Gefunden : user_pref("extensions.incredibar_i.excTlbr", false); Gefunden : user_pref("extensions.incredibar_i.id", "922fd13e000000000000ac81121ddde2"); Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar_i.instlDay", "15509"); Gefunden : user_pref("extensions.incredibar_i.instlRef", ""); Gefunden : user_pref("extensions.incredibar_i.ms_url_id", ""); Gefunden : user_pref("extensions.incredibar_i.newTab", false); Gefunden : user_pref("extensions.incredibar_i.ppd", "95%5F3"); Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar_i.productid", "26"); Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none"); Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base"); Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQASKsh3i&loc=IB[...] Gefunden : user_pref("extensions.incredibar_i.upn2", "6PQASKsh3i"); Gefunden : user_pref("extensions.incredibar_i.upn2n", "92543083588037968"); Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:00:16"); Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [15220 octets] - [25/10/2012 16:44:12] ########## EOF - C:\AdwCleaner[R1].txt - [15281 octets] ########## Code:
ATTFilter # AdwCleaner v2.005 - Datei am 25/10/2012 um 16:44:59 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (64 bits) # Benutzer : Thomas - THOMAS-LAPTOP # Bootmodus : Normal # Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\elhy5yky.Thomas\searchplugins\MyStart Search.xml Ordner Gelöscht : C:\Program Files (x86)\incredibar.com Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\h0q3jeed.default\extensions\ffxtlbr@incredibar.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\incredibar.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\incredibar.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb139?a=6PQASKsh3i&i=26 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\h0q3jeed.default\prefs.js C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\h0q3jeed.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Profilname : Thomas [Profil par défaut] Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\elhy5yky.Thomas\prefs.js C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\elhy5yky.Thomas\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search"); Gelöscht : user_pref("extensions.incredibar.admin", false); Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl"); Gelöscht : user_pref("extensions.incredibar.cntry", "DE"); Gelöscht : user_pref("extensions.incredibar.dfltLng", ""); Gelöscht : user_pref("extensions.incredibar.dfltSrch", false); Gelöscht : user_pref("extensions.incredibar.did", "10650"); Gelöscht : user_pref("extensions.incredibar.envrmnt", "production"); Gelöscht : user_pref("extensions.incredibar.excTlbr", false); Gelöscht : user_pref("extensions.incredibar.hdrMd5", "0FE5EE8E697C2F7984B893C8B37AE79E"); Gelöscht : user_pref("extensions.incredibar.hmpg", false); Gelöscht : user_pref("extensions.incredibar.id", "922fd13e000000000000ac81121ddde2"); Gelöscht : user_pref("extensions.incredibar.installerproductid", "26"); Gelöscht : user_pref("extensions.incredibar.instlDay", "15509"); Gelöscht : user_pref("extensions.incredibar.instlRef", ""); Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true); Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:00:16"); Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Gelöscht : user_pref("extensions.incredibar.newTab", false); Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false); Gelöscht : user_pref("extensions.incredibar.ppd", "95%5F3"); Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar"); Gelöscht : user_pref("extensions.incredibar.productid", "26"); Gelöscht : user_pref("extensions.incredibar.propectorlck", 78680213); Gelöscht : user_pref("extensions.incredibar.prtkHmpg", 1); Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Gelöscht : user_pref("extensions.incredibar.sg", "none"); Gelöscht : user_pref("extensions.incredibar.smplGrp", "none"); Gelöscht : user_pref("extensions.incredibar.tlbrId", "base"); Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQASKsh3i&loc=IB_T[...] Gelöscht : user_pref("extensions.incredibar.upn2", "6PQASKsh3i"); Gelöscht : user_pref("extensions.incredibar.upn2n", "92543083588037968"); Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:00:16"); Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gelöscht : user_pref("extensions.incredibar_i.dfltLng", ""); Gelöscht : user_pref("extensions.incredibar_i.did", "10650"); Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false); Gelöscht : user_pref("extensions.incredibar_i.id", "922fd13e000000000000ac81121ddde2"); Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26"); Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15509"); Gelöscht : user_pref("extensions.incredibar_i.instlRef", ""); Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", ""); Gelöscht : user_pref("extensions.incredibar_i.newTab", false); Gelöscht : user_pref("extensions.incredibar_i.ppd", "95%5F3"); Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gelöscht : user_pref("extensions.incredibar_i.productid", "26"); Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base"); Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQASKsh3i&loc=IB[...] Gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQASKsh3i"); Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92543083588037968"); Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:00:16"); Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [15303 octets] - [25/10/2012 16:44:12] AdwCleaner[S1].txt - [15111 octets] - [25/10/2012 16:44:59] ########## EOF - C:\AdwCleaner[S1].txt - [15172 octets] ########## |
25.10.2012, 18:49 | #9 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom sowie OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2012 16:50:50 - Run 6 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free 3,49 Gb Paging File | 1,85 Gb Available in Paging File | 53,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,49 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.10.02 09:42:30 | 015,687,032 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.08.29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.04 01:29:06 | 000,165,088 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2010.10.11 12:07:02 | 002,271,600 | ---- | M] (creativbox.net, Torsten Leithold & Georg von Kries GbR) -- C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe ========== Modules (No Company Name) ========== MOD - [2012.10.25 16:47:47 | 001,024,024 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\windows._cacheinvalidation.pyd MOD - [2012.10.25 16:47:47 | 000,792,576 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._gdi_.pyd MOD - [2012.10.25 16:47:47 | 000,731,136 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._misc_.pyd MOD - [2012.10.25 16:47:47 | 000,645,120 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_ssl.pyd MOD - [2012.10.25 16:47:47 | 000,571,392 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pysqlite2._sqlite.pyd MOD - [2012.10.25 16:47:47 | 000,354,304 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pythoncom26.dll MOD - [2012.10.25 16:47:47 | 000,263,168 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32com.shell.shell.pyd MOD - [2012.10.25 16:47:47 | 000,110,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32security.pyd MOD - [2012.10.25 16:47:47 | 000,096,256 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32api.pyd MOD - [2012.10.25 16:47:47 | 000,086,016 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_elementtree.pyd MOD - [2012.10.25 16:47:47 | 000,073,728 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_ctypes.pyd MOD - [2012.10.25 16:47:47 | 000,070,656 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._html2.pyd MOD - [2012.10.25 16:47:47 | 000,040,448 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_socket.pyd MOD - [2012.10.25 16:47:47 | 000,022,528 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32pdh.pyd MOD - [2012.10.25 16:47:47 | 000,011,776 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32crypt.pyd MOD - [2012.10.25 16:47:45 | 001,169,408 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._core_.pyd MOD - [2012.10.25 16:47:45 | 000,807,424 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._windows_.pyd MOD - [2012.10.25 16:47:45 | 000,311,808 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_hashlib.pyd MOD - [2012.10.25 16:47:45 | 000,121,856 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._wizard.pyd MOD - [2012.10.25 16:47:45 | 000,111,104 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32file.pyd MOD - [2012.10.25 16:47:45 | 000,110,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pywintypes26.dll MOD - [2012.10.25 16:47:45 | 000,039,424 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32inet.pyd MOD - [2012.10.25 16:47:45 | 000,036,352 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32process.pyd MOD - [2012.10.25 16:47:43 | 001,056,256 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._controls_.pyd MOD - [2012.10.25 16:47:43 | 000,585,728 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\unicodedata.pyd MOD - [2012.10.25 16:47:43 | 000,153,088 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pyexpat.pyd MOD - [2012.10.25 16:47:43 | 000,017,920 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32event.pyd MOD - [2012.10.25 16:47:43 | 000,011,776 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\select.pyd MOD - [2012.06.15 17:20:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.15 17:20:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012.05.09 17:26:08 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\cd8ad97063680071342f13d12376fd17\System.Net.ni.dll MOD - [2012.05.09 17:15:44 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll MOD - [2012.05.09 17:15:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll MOD - [2012.05.09 17:15:32 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll MOD - [2012.05.09 16:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 16:59:13 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012.05.09 16:59:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012.05.09 16:59:09 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.09 16:57:30 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll MOD - [2012.05.09 16:57:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 16:57:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 16:57:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 16:57:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.04 01:29:04 | 001,850,880 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll MOD - [2009.07.14 19:58:14 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.09.29 22:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.14 18:38:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 20:17:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Stopped] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.05.02 19:37:01 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 22:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.05.14 18:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 18:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.08.30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.12.12 16:11:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 6C C2 1B 76 2B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://forum.gamersvillage.de/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.10.02 16:54:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.10.02 16:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] [2011.05.02 20:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.10.23 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions [2011.12.25 23:06:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.20 15:04:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.25 16:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions [2011.05.12 21:33:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.25 22:57:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\elhy5yky.Thomas\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.24 22:50:17 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011.05.27 16:49:09 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\searchplugins\youtube-videosuche.xml [2012.10.14 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.14 18:38:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.10 17:45:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.13 18:58:48 | 002,418,176 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll [2012.06.23 15:04:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 17:46:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 15:04:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 15:04:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 15:04:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 15:04:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKCU..\Run: [SimpleSYN.NET] C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk = C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18142464-BC57-41A3-B2F8-11930A39B49D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 17:11:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\OTLPE [2012.10.16 17:03:38 | 000,000,000 | ---D | C] -- C:\eeepcfr [2012.10.16 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.16 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.16 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aaaaaaaaaaaa [2012.10.14 18:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.14 11:09:13 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Google Drive [2012.10.14 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.10.14 10:25:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\handy [2012.10.10 14:57:08 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:57:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:57:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:56:27 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:56:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:56:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:56:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:56:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:56:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:56:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:56:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:56:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:56:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:56:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:55:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:54:58 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:54:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.02 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Bewerbung [2012.10.02 16:58:04 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys [2012.10.02 16:58:02 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2012.10.02 16:57:55 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.10.02 16:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2012.10.02 16:55:31 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\ForceField Shared Files [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\CheckPoint [2012.10.02 16:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.10.02 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.10.02 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.02 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.02 16:33:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.02 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.02 16:16:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\logs [2012.10.02 15:31:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2012.10.02 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.10.02 14:28:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2011.05.14 09:23:01 | 005,816,688 | ---- | C] (creativbox.net - Internet Lösungen) -- C:\Users\Thomas\SimpleSYN_21_de_DE_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.25 16:54:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:54:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:47:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.25 16:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.25 16:46:51 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2012.10.25 16:42:51 | 000,538,941 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe [2012.10.25 16:31:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.25 16:18:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 19:33:57 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.24 19:33:57 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.24 19:33:57 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.24 19:33:57 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.24 19:33:57 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.21 18:28:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 16:59:01 | 000,302,592 | ---- | M] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:50 | 000,294,921 | ---- | M] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:21:41 | 000,515,892 | ---- | M] () -- C:\eeepcfr.zip [2012.10.15 18:16:49 | 000,180,104 | ---- | M] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.09 20:17:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 20:17:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.02 17:04:14 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | M] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:31:21 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.10.02 14:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.25 16:42:26 | 000,538,941 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe [2012.10.21 16:58:45 | 000,302,592 | ---- | C] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:46 | 000,294,921 | ---- | C] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:25:28 | 000,515,892 | ---- | C] () -- C:\eeepcfr.zip [2012.10.15 18:16:34 | 000,180,104 | ---- | C] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.02 16:58:11 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:33:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | C] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:14 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.09.17 16:42:58 | 000,002,839 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2012.04.19 20:56:30 | 007,215,042 | ---- | C] () -- C:\Users\Thomas\Peter Lustig Das Loblied der Latzhose.wma [2011.12.04 12:28:52 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll [2011.09.30 22:21:46 | 000,074,334 | ---- | C] () -- C:\Users\Thomas\me2.jpg [2011.08.15 18:30:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.08.15 18:30:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.11 21:32:00 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.06 17:23:45 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.05.22 13:12:41 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.21 16:10:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2011.05.21 16:10:16 | 000,002,333 | ---- | C] () -- C:\Windows\unins000.dat [2011.05.14 09:26:30 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.02 21:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.10.2012 16:50:50 - Run 6 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free 3,49 Gb Paging File | 1,85 Gb Available in Paging File | 53,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,49 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009F1993-D895-42EC-AE94-1438A33AB613}" = lport=139 | protocol=6 | dir=in | app=system | "{01950809-75A8-456A-BD5D-6D9F96C8CFCD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{03CF7DC7-3BB8-4354-8F36-5E52A337DB4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{152AF3D2-15E0-4A45-B3E9-70849B82DC2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18C45366-81AB-4FBA-A63F-73A44520EDA1}" = lport=445 | protocol=6 | dir=in | app=system | "{203410EF-3D58-412A-AACC-AB832C637293}" = rport=138 | protocol=17 | dir=out | app=system | "{2EFF417C-0944-4AF6-88EE-68C631013DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C16B16F-E8D1-4F40-B21B-C130FBAEF900}" = rport=139 | protocol=6 | dir=out | app=system | "{53469E56-6A28-4D85-BA3C-E7482D2E045E}" = lport=137 | protocol=17 | dir=in | app=system | "{5D2A7D8D-44D4-4CD9-92F1-3774B6364284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D78AD86-60C9-4DB2-B7C9-061A3980B002}" = rport=137 | protocol=17 | dir=out | app=system | "{5E9D1BA1-EE52-495C-8CB0-A20FFB2C0B46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{660CBF9F-D873-4AAB-87D6-2BB4DF748F3E}" = lport=138 | protocol=17 | dir=in | app=system | "{7753DCC0-9F0C-4306-BFDE-44A55B4C1468}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CF15ED0-1491-4433-B12E-7A8417A18B64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{853EF285-EB9E-4B53-BCA9-A859725A2F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9112B149-2A87-4D63-AD92-75D137CEC526}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95F2B770-E1C2-4C00-B44D-1B499427A558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A195CEC6-52D9-4368-A835-D9F74BFE358C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B34C9AB4-F4B5-4CC3-8796-5A2BCF879BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0CCE71E-AC5B-4CA5-8F8A-361385E40FB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4586BD9-F26A-4B2C-96B1-01BF0CBCE261}" = rport=445 | protocol=6 | dir=out | app=system | "{C85F5EE1-DDE7-43D3-99A4-A26C9F19072F}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE666F4A-0E85-4A74-8807-D5E23788A9A9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D8611E18-0011-42DC-B01D-7489FCD4BFDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0C6EEEB-0D13-451B-BA3D-B6BA2192CF72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F66806CC-7D81-4D32-BD50-A239F76F3C62}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F7E92274-6EEA-418F-B860-24CB2B56C488}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD4E9F9C-A811-4B31-97C8-C1EEEC980BEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF1930A5-46B9-41DC-B5CF-541C690A1774}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090A505C-1DC1-4080-A737-46B0AFA0E332}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{0959AB51-30D3-4C7C-A96A-363A5A4A595A}" = protocol=6 | dir=out | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{102AC434-CA28-49A3-9D4C-8EE5BC6B55B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11DFB0D3-CF2A-4E7B-9775-1CD1ACF5CF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{16D952BC-6287-4CE5-A033-74B9A42D3CE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A160A7F-BDC5-4D3A-A848-DE540EB5A396}" = protocol=6 | dir=out | app=system | "{1CF9584E-D25A-4644-9867-375EE9707069}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2BA62F6F-009C-4FD7-8027-97AC6250DBD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2D2761D1-02DA-4C3A-B1AF-C63ADF776112}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{35246083-F4C2-4228-858E-896F95B1DE8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{370E117D-03D1-4241-9967-B710B934E760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39533DAB-B314-49DB-96E7-A1A0B6BC9B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42D83C5A-13B2-43FF-8A3B-CAD62BC700A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43314D40-461A-44FA-8E2A-F9238B8C7816}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4E1F1F1B-51D8-4555-AF55-C49A14ADA8FF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{500074CD-FD47-4090-B8E8-EB6C4D750C12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{513878AC-BBAB-4FE2-8312-BEDCC5E44694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57207465-3D2B-442C-818C-AAECAD3FB513}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59CEDD5F-5803-4EF8-9C3F-D8E00FF78834}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6937002E-EAD1-46EE-99B2-08262C11B563}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{7AE0510D-AFFD-43A5-A4AA-49062E1815C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7B7A981E-4AF3-4518-A645-CBDD27F5AFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7D06ED00-5C36-4912-8FC9-0C04CD212E71}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{7FF63159-6E44-4001-9465-475A0884779F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9052315F-5B7A-4C22-8E82-42666098558A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{93A6ACC7-4F63-40BE-A12A-8A71EEED6317}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{AAB1EACE-DA4D-4771-A074-53E2B6A56F22}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BED41730-D5C6-4FE9-A010-181F2780E613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0763321-0DFA-44C0-A3E1-61D10B3C0DEE}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{CB82AD16-C6DC-40CD-8D47-6F1C904E4DF3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{D53F1DD9-20E4-4551-8DB7-8775FD566F8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9792390-47C3-4B8A-8497-499193E5DBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{DB22D2C4-58AD-482D-B418-531FFD905F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEE91FD1-88A3-4068-B200-3AF18C1D3C12}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E53B5825-4288-4AA1-B834-775EBE5A6363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E7EDD54A-1B7C-4991-9B98-88EF4AD0AED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5C2F14B-5F72-4D3E-831A-27444703F563}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{FA21EA6D-FC24-47D9-A28B-CC236DB497DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5957FF87-49EA-4661-BB20-7316C86F33B1}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "TCP Query User{5BC8D985-4B80-4496-A217-3FD439955D85}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{92926689-3026-43D8-8605-8F57EE21E70A}C:\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "TCP Query User{CC1F267D-8684-4D88-915F-8EB9993448D2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{E33F7FBA-8B73-4B38-A869-E8B4AE171D72}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{00541304-62EC-4DF3-A47E-E6C9865EB5AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4A761A5C-4349-4C1E-8FBB-030B14DF6EDF}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AC0960DE-FADA-4CE6-B07A-E4A1BFA5E915}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "UDP Query User{C92B1C47-8E62-42CC-BF7E-34A142087E9B}C:\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "UDP Query User{D21CC1F6-B4B6-4AF1-BCB9-7D525D224A29}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager "{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "BatteryBar" = BatteryBar (remove only) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon SELPHY CP760" = Canon SELPHY CP760 "CCleaner" = CCleaner "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common "{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French "{4762820B-BFD0-420E-BC8F-31BEE01DC30C}" = Google Drive "{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition "{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian "{559788C7-8375-4B5E-B7BA-B5DBBD84DBB3}" = ZoneAlarm Antivirus "{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A271321-D7E2-46FE-9BF6-2CFD47556FB8}" = ZoneAlarm Firewall "{6A6F0F1E-39F8-469E-A82B-C0BD5B3E77B0}" = gSyncit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7016BF44-E81D-4F10-B59C-4C9DCC43EC8C}" = SimpleSYN 2.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian "{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0 "{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All "{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish "{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6BC900A-520A-4D95-A23F-4ED82A930609}" = ZoneAlarm Security "{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech "{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 1.2.6 "CamStudio" = CamStudio "CloneDVD2" = CloneDVD2 "ElsterFormular 13.1.1.8479k" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.7.1 "Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.752 "Fotosizer" = Fotosizer 1.32 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "GSAK_is1" = GSAK 8.0.0.133 (Final) "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "Pidgin" = Pidgin "PokerStars" = PokerStars "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "STRATO HiDrive" = STRATO HiDrive (remove only) "Synthesia" = Synthesia (remove only) "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "USB Audio_is1" = Ver 1.2.0 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Yahoo! Messenger" = Yahoo! Messenger "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.03.2012 05:46:31 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 61c Startzeit: 01cd0a5b171ebbcb Endzeit: 147 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 637fe81b-765f-11e1-8dff-78acc0418e0f Error - 25.03.2012 16:20:40 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000a88d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0x01cd0a5ae78ff7f8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fd5ad5f1-76b7-11e1-8dff-78acc0418e0f Error - 03.04.2012 12:36:50 | Computer Name = Thomas-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_formatwandler-4.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 10.04.2012 16:53:05 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit: 01cd175bc24d1b60 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 2868cc0b-834f-11e1-8db7-78acc0418e0f Error - 16.04.2012 12:50:26 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f4 Startzeit: 01cd1bf0eae2bd61 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 40fa25cd-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:50:46 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01cd1bf107d277b0 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 4e2260ed-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:51:15 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cd1bf1144a8cfc Endzeit: 141 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 5a9a763a-87e4-11e1-8c5c-78acc0418e0f Error - 03.05.2012 09:44:55 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01cd293288b57e70 Endzeit: 387 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 090750ab-9526-11e1-8e1f-78acc0418e0f Error - 16.06.2012 08:36:31 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.10.7.804, Zeitstempel: 0x4e402c1e Name des fehlerhaften Moduls: VideoFileToIPOD.dll, Version: 1.7.20.808, Zeitstempel: 0x4e452895 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000131d2 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cd4bb611bd21c7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll Berichtskennung: e5a21663-b7af-11e1-b050-78acc0418e0f Error - 23.06.2012 04:18:01 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error - 04.07.2012 16:37:26 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. Error - 16.07.2012 04:18:04 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen [ Media Center Events ] Error - 30.06.2012 03:44:09 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:09 - Fehler beim Herstellen der Internetverbindung. 09:44:09 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 03:44:20 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:14 - Fehler beim Herstellen der Internetverbindung. 09:44:14 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:28 - Fehler beim Herstellen der Internetverbindung. 10:44:28 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:38 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:33 - Fehler beim Herstellen der Internetverbindung. 10:44:33 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:17 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:17 - Fehler beim Herstellen der Internetverbindung. 16:30:17 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:22 - Fehler beim Herstellen der Internetverbindung. 16:30:22 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:34 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:34 - Fehler beim Herstellen der Internetverbindung. 17:30:34 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:46 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:39 - Fehler beim Herstellen der Internetverbindung. 17:30:39 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:30:51 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:51 - Fehler beim Herstellen der Internetverbindung. 18:30:51 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:31:02 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:56 - Fehler beim Herstellen der Internetverbindung. 18:30:56 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 25.08.2011 09:40:22 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 202 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 24.10.2012 08:11:16 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.10.2012 10:05:14 | Computer Name = Thomas-Laptop | Source = bowser | ID = 8003 Description = Error - 24.10.2012 10:12:22 | Computer Name = Thomas-Laptop | Source = BROWSER | ID = 8032 Description = Error - 24.10.2012 15:38:55 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:00:41 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:01:21 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst STRATO HiDrive Service erreicht. Error - 25.10.2012 10:01:21 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "STRATO HiDrive Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 25.10.2012 10:47:10 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:47:50 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst STRATO HiDrive Service erreicht. Error - 25.10.2012 10:47:50 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "STRATO HiDrive Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
25.10.2012, 18:50 | #10 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom sowie OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2012 16:50:50 - Run 6 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free 3,49 Gb Paging File | 1,85 Gb Available in Paging File | 53,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,49 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.10.02 09:42:30 | 015,687,032 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.08.29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.04 01:29:06 | 000,165,088 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2010.10.11 12:07:02 | 002,271,600 | ---- | M] (creativbox.net, Torsten Leithold & Georg von Kries GbR) -- C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe ========== Modules (No Company Name) ========== MOD - [2012.10.25 16:47:47 | 001,024,024 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\windows._cacheinvalidation.pyd MOD - [2012.10.25 16:47:47 | 000,792,576 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._gdi_.pyd MOD - [2012.10.25 16:47:47 | 000,731,136 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._misc_.pyd MOD - [2012.10.25 16:47:47 | 000,645,120 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_ssl.pyd MOD - [2012.10.25 16:47:47 | 000,571,392 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pysqlite2._sqlite.pyd MOD - [2012.10.25 16:47:47 | 000,354,304 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pythoncom26.dll MOD - [2012.10.25 16:47:47 | 000,263,168 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32com.shell.shell.pyd MOD - [2012.10.25 16:47:47 | 000,110,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32security.pyd MOD - [2012.10.25 16:47:47 | 000,096,256 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32api.pyd MOD - [2012.10.25 16:47:47 | 000,086,016 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_elementtree.pyd MOD - [2012.10.25 16:47:47 | 000,073,728 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_ctypes.pyd MOD - [2012.10.25 16:47:47 | 000,070,656 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._html2.pyd MOD - [2012.10.25 16:47:47 | 000,040,448 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_socket.pyd MOD - [2012.10.25 16:47:47 | 000,022,528 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32pdh.pyd MOD - [2012.10.25 16:47:47 | 000,011,776 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32crypt.pyd MOD - [2012.10.25 16:47:45 | 001,169,408 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._core_.pyd MOD - [2012.10.25 16:47:45 | 000,807,424 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._windows_.pyd MOD - [2012.10.25 16:47:45 | 000,311,808 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\_hashlib.pyd MOD - [2012.10.25 16:47:45 | 000,121,856 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._wizard.pyd MOD - [2012.10.25 16:47:45 | 000,111,104 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32file.pyd MOD - [2012.10.25 16:47:45 | 000,110,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pywintypes26.dll MOD - [2012.10.25 16:47:45 | 000,039,424 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32inet.pyd MOD - [2012.10.25 16:47:45 | 000,036,352 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32process.pyd MOD - [2012.10.25 16:47:43 | 001,056,256 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\wx._controls_.pyd MOD - [2012.10.25 16:47:43 | 000,585,728 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\unicodedata.pyd MOD - [2012.10.25 16:47:43 | 000,153,088 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\pyexpat.pyd MOD - [2012.10.25 16:47:43 | 000,017,920 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\win32event.pyd MOD - [2012.10.25 16:47:43 | 000,011,776 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Temp\_MEI29722\select.pyd MOD - [2012.06.15 17:20:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.15 17:20:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012.05.09 17:26:08 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\cd8ad97063680071342f13d12376fd17\System.Net.ni.dll MOD - [2012.05.09 17:15:44 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll MOD - [2012.05.09 17:15:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll MOD - [2012.05.09 17:15:32 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll MOD - [2012.05.09 16:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 16:59:13 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012.05.09 16:59:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012.05.09 16:59:09 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.09 16:57:30 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll MOD - [2012.05.09 16:57:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 16:57:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 16:57:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 16:57:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.04 01:29:04 | 001,850,880 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll MOD - [2009.07.14 19:58:14 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.09.29 22:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.14 18:38:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 20:17:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Stopped] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.05.02 19:37:01 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.09.30 00:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 22:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.05.14 18:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 18:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.08.30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.12.12 16:11:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 6C C2 1B 76 2B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://forum.gamersvillage.de/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.10.02 16:54:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.10.02 16:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 18:38:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 18:38:21 | 000,000,000 | ---D | M] [2011.05.02 20:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.10.23 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions [2011.12.25 23:06:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.20 15:04:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\elhy5yky.Thomas\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.25 16:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions [2011.05.12 21:33:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\h0q3jeed.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.25 22:57:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\elhy5yky.Thomas\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.24 22:50:17 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011.05.27 16:49:09 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\h0q3jeed.default\searchplugins\youtube-videosuche.xml [2012.10.14 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.14 18:38:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.10 17:45:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.13 18:58:48 | 002,418,176 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll [2012.06.23 15:04:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 17:46:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 15:04:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 15:04:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 15:04:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 15:04:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKCU..\Run: [SimpleSYN.NET] C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk = C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18142464-BC57-41A3-B2F8-11930A39B49D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 17:11:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\OTLPE [2012.10.16 17:03:38 | 000,000,000 | ---D | C] -- C:\eeepcfr [2012.10.16 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.16 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.16 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aaaaaaaaaaaa [2012.10.14 18:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.14 11:09:13 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Google Drive [2012.10.14 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.10.14 10:25:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\handy [2012.10.10 14:57:08 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:57:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:57:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:56:27 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:56:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:56:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:56:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:56:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:56:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:56:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:56:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:56:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:56:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:56:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:56:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:56:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:56:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:55:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:54:58 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:54:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.02 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Bewerbung [2012.10.02 16:58:04 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys [2012.10.02 16:58:02 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2012.10.02 16:57:55 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.10.02 16:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2012.10.02 16:55:31 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\ForceField Shared Files [2012.10.02 16:54:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\CheckPoint [2012.10.02 16:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.10.02 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.10.02 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.02 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.02 16:33:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.02 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.02 16:16:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\logs [2012.10.02 15:31:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2012.10.02 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.10.02 14:28:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2011.05.14 09:23:01 | 005,816,688 | ---- | C] (creativbox.net - Internet Lösungen) -- C:\Users\Thomas\SimpleSYN_21_de_DE_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.25 16:54:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:54:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:47:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.25 16:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.25 16:46:51 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2012.10.25 16:42:51 | 000,538,941 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe [2012.10.25 16:31:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.25 16:18:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 19:33:57 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.24 19:33:57 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.24 19:33:57 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.24 19:33:57 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.24 19:33:57 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.21 18:28:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 16:59:01 | 000,302,592 | ---- | M] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:50 | 000,294,921 | ---- | M] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:21:41 | 000,515,892 | ---- | M] () -- C:\eeepcfr.zip [2012.10.15 18:16:49 | 000,180,104 | ---- | M] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.09 20:17:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 20:17:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.02 17:04:14 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | M] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.02 15:31:21 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.10.02 14:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HiJackThis204.exe [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.25 16:42:26 | 000,538,941 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe [2012.10.21 16:58:45 | 000,302,592 | ---- | C] () -- C:\Users\Thomas\Desktop\opppn0d6.exe [2012.10.19 17:05:46 | 000,294,921 | ---- | C] () -- C:\Users\Thomas\Desktop\2012_Spieleabend.pdf [2012.10.16 16:25:28 | 000,515,892 | ---- | C] () -- C:\eeepcfr.zip [2012.10.15 18:16:34 | 000,180,104 | ---- | C] () -- C:\Users\Thomas\Desktop\Merkhilfe.pdf [2012.10.14 11:09:15 | 000,001,719 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Drive.lnk [2012.10.02 16:58:11 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.10.02 16:56:52 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2012.10.02 16:33:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 16:16:25 | 000,070,057 | ---- | C] () -- C:\Users\Thomas\Desktop\logs.zip [2012.10.02 15:54:44 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.10.02 15:31:14 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.09.17 16:42:58 | 000,002,839 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2012.04.19 20:56:30 | 007,215,042 | ---- | C] () -- C:\Users\Thomas\Peter Lustig Das Loblied der Latzhose.wma [2011.12.04 12:28:52 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll [2011.09.30 22:21:46 | 000,074,334 | ---- | C] () -- C:\Users\Thomas\me2.jpg [2011.08.15 18:30:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.08.15 18:30:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.11 21:32:00 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.06 17:23:45 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.05.22 13:12:41 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.21 16:10:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2011.05.21 16:10:16 | 000,002,333 | ---- | C] () -- C:\Windows\unins000.dat [2011.05.14 09:26:30 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.02 21:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/code] Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.10.2012 16:50:50 - Run 6 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Thomas\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free 3,49 Gb Paging File | 1,85 Gb Available in Paging File | 53,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 145,49 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: THOMAS-LAPTOP | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Unable to open value key File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key http [open] -- Reg Error: Unable to open value key https [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009F1993-D895-42EC-AE94-1438A33AB613}" = lport=139 | protocol=6 | dir=in | app=system | "{01950809-75A8-456A-BD5D-6D9F96C8CFCD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{03CF7DC7-3BB8-4354-8F36-5E52A337DB4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{152AF3D2-15E0-4A45-B3E9-70849B82DC2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18C45366-81AB-4FBA-A63F-73A44520EDA1}" = lport=445 | protocol=6 | dir=in | app=system | "{203410EF-3D58-412A-AACC-AB832C637293}" = rport=138 | protocol=17 | dir=out | app=system | "{2EFF417C-0944-4AF6-88EE-68C631013DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C16B16F-E8D1-4F40-B21B-C130FBAEF900}" = rport=139 | protocol=6 | dir=out | app=system | "{53469E56-6A28-4D85-BA3C-E7482D2E045E}" = lport=137 | protocol=17 | dir=in | app=system | "{5D2A7D8D-44D4-4CD9-92F1-3774B6364284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D78AD86-60C9-4DB2-B7C9-061A3980B002}" = rport=137 | protocol=17 | dir=out | app=system | "{5E9D1BA1-EE52-495C-8CB0-A20FFB2C0B46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{660CBF9F-D873-4AAB-87D6-2BB4DF748F3E}" = lport=138 | protocol=17 | dir=in | app=system | "{7753DCC0-9F0C-4306-BFDE-44A55B4C1468}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CF15ED0-1491-4433-B12E-7A8417A18B64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{853EF285-EB9E-4B53-BCA9-A859725A2F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9112B149-2A87-4D63-AD92-75D137CEC526}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95F2B770-E1C2-4C00-B44D-1B499427A558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A195CEC6-52D9-4368-A835-D9F74BFE358C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B34C9AB4-F4B5-4CC3-8796-5A2BCF879BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0CCE71E-AC5B-4CA5-8F8A-361385E40FB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4586BD9-F26A-4B2C-96B1-01BF0CBCE261}" = rport=445 | protocol=6 | dir=out | app=system | "{C85F5EE1-DDE7-43D3-99A4-A26C9F19072F}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE666F4A-0E85-4A74-8807-D5E23788A9A9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D8611E18-0011-42DC-B01D-7489FCD4BFDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0C6EEEB-0D13-451B-BA3D-B6BA2192CF72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F66806CC-7D81-4D32-BD50-A239F76F3C62}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F7E92274-6EEA-418F-B860-24CB2B56C488}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD4E9F9C-A811-4B31-97C8-C1EEEC980BEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF1930A5-46B9-41DC-B5CF-541C690A1774}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090A505C-1DC1-4080-A737-46B0AFA0E332}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{0959AB51-30D3-4C7C-A96A-363A5A4A595A}" = protocol=6 | dir=out | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{102AC434-CA28-49A3-9D4C-8EE5BC6B55B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11DFB0D3-CF2A-4E7B-9775-1CD1ACF5CF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{16D952BC-6287-4CE5-A033-74B9A42D3CE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A160A7F-BDC5-4D3A-A848-DE540EB5A396}" = protocol=6 | dir=out | app=system | "{1CF9584E-D25A-4644-9867-375EE9707069}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2BA62F6F-009C-4FD7-8027-97AC6250DBD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2D2761D1-02DA-4C3A-B1AF-C63ADF776112}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{35246083-F4C2-4228-858E-896F95B1DE8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{370E117D-03D1-4241-9967-B710B934E760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39533DAB-B314-49DB-96E7-A1A0B6BC9B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42D83C5A-13B2-43FF-8A3B-CAD62BC700A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43314D40-461A-44FA-8E2A-F9238B8C7816}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4E1F1F1B-51D8-4555-AF55-C49A14ADA8FF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{500074CD-FD47-4090-B8E8-EB6C4D750C12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{513878AC-BBAB-4FE2-8312-BEDCC5E44694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57207465-3D2B-442C-818C-AAECAD3FB513}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59CEDD5F-5803-4EF8-9C3F-D8E00FF78834}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6937002E-EAD1-46EE-99B2-08262C11B563}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{7AE0510D-AFFD-43A5-A4AA-49062E1815C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7B7A981E-4AF3-4518-A645-CBDD27F5AFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7D06ED00-5C36-4912-8FC9-0C04CD212E71}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{7FF63159-6E44-4001-9465-475A0884779F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9052315F-5B7A-4C22-8E82-42666098558A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{93A6ACC7-4F63-40BE-A12A-8A71EEED6317}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{AAB1EACE-DA4D-4771-A074-53E2B6A56F22}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BED41730-D5C6-4FE9-A010-181F2780E613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0763321-0DFA-44C0-A3E1-61D10B3C0DEE}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{CB82AD16-C6DC-40CD-8D47-6F1C904E4DF3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{D53F1DD9-20E4-4551-8DB7-8775FD566F8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9792390-47C3-4B8A-8497-499193E5DBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\creativbox.net\simplesyn 2.1\cbn.simplesyn.net.exe | "{DB22D2C4-58AD-482D-B418-531FFD905F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEE91FD1-88A3-4068-B200-3AF18C1D3C12}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E53B5825-4288-4AA1-B834-775EBE5A6363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E7EDD54A-1B7C-4991-9B98-88EF4AD0AED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5C2F14B-5F72-4D3E-831A-27444703F563}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{FA21EA6D-FC24-47D9-A28B-CC236DB497DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5957FF87-49EA-4661-BB20-7316C86F33B1}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "TCP Query User{5BC8D985-4B80-4496-A217-3FD439955D85}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{92926689-3026-43D8-8605-8F57EE21E70A}C:\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "TCP Query User{CC1F267D-8684-4D88-915F-8EB9993448D2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{E33F7FBA-8B73-4B38-A869-E8B4AE171D72}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{00541304-62EC-4DF3-A47E-E6C9865EB5AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4A761A5C-4349-4C1E-8FBB-030B14DF6EDF}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AC0960DE-FADA-4CE6-B07A-E4A1BFA5E915}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | "UDP Query User{C92B1C47-8E62-42CC-BF7E-34A142087E9B}C:\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "UDP Query User{D21CC1F6-B4B6-4AF1-BCB9-7D525D224A29}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager "{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "BatteryBar" = BatteryBar (remove only) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon SELPHY CP760" = Canon SELPHY CP760 "CCleaner" = CCleaner "Defraggler" = Defraggler "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common "{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French "{4762820B-BFD0-420E-BC8F-31BEE01DC30C}" = Google Drive "{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition "{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian "{559788C7-8375-4B5E-B7BA-B5DBBD84DBB3}" = ZoneAlarm Antivirus "{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A271321-D7E2-46FE-9BF6-2CFD47556FB8}" = ZoneAlarm Firewall "{6A6F0F1E-39F8-469E-A82B-C0BD5B3E77B0}" = gSyncit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7016BF44-E81D-4F10-B59C-4C9DCC43EC8C}" = SimpleSYN 2.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian "{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0 "{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All "{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish "{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6BC900A-520A-4D95-A23F-4ED82A930609}" = ZoneAlarm Security "{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech "{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 1.2.6 "CamStudio" = CamStudio "CloneDVD2" = CloneDVD2 "ElsterFormular 13.1.1.8479k" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.7.1 "Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.752 "Fotosizer" = Fotosizer 1.32 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "GSAK_is1" = GSAK 8.0.0.133 (Final) "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "Pidgin" = Pidgin "PokerStars" = PokerStars "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "STRATO HiDrive" = STRATO HiDrive (remove only) "Synthesia" = Synthesia (remove only) "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "USB Audio_is1" = Ver 1.2.0 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Yahoo! Messenger" = Yahoo! Messenger "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.03.2012 05:46:31 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 61c Startzeit: 01cd0a5b171ebbcb Endzeit: 147 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 637fe81b-765f-11e1-8dff-78acc0418e0f Error - 25.03.2012 16:20:40 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000a88d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0x01cd0a5ae78ff7f8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fd5ad5f1-76b7-11e1-8dff-78acc0418e0f Error - 03.04.2012 12:36:50 | Computer Name = Thomas-Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_formatwandler-4.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 10.04.2012 16:53:05 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit: 01cd175bc24d1b60 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 2868cc0b-834f-11e1-8db7-78acc0418e0f Error - 16.04.2012 12:50:26 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f4 Startzeit: 01cd1bf0eae2bd61 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 40fa25cd-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:50:46 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01cd1bf107d277b0 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 4e2260ed-87e4-11e1-8c5c-78acc0418e0f Error - 16.04.2012 12:51:15 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cd1bf1144a8cfc Endzeit: 141 Anwendungspfad: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 5a9a763a-87e4-11e1-8c5c-78acc0418e0f Error - 03.05.2012 09:44:55 | Computer Name = Thomas-Laptop | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01cd293288b57e70 Endzeit: 387 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 090750ab-9526-11e1-8e1f-78acc0418e0f Error - 16.06.2012 08:36:31 | Computer Name = Thomas-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.10.7.804, Zeitstempel: 0x4e402c1e Name des fehlerhaften Moduls: VideoFileToIPOD.dll, Version: 1.7.20.808, Zeitstempel: 0x4e452895 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000131d2 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cd4bb611bd21c7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll Berichtskennung: e5a21663-b7af-11e1-b050-78acc0418e0f Error - 23.06.2012 04:18:01 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error - 04.07.2012 16:37:26 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. Error - 16.07.2012 04:18:04 | Computer Name = Thomas-Laptop | Source = Service1 | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen [ Media Center Events ] Error - 30.06.2012 03:44:09 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:09 - Fehler beim Herstellen der Internetverbindung. 09:44:09 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 03:44:20 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 09:44:14 - Fehler beim Herstellen der Internetverbindung. 09:44:14 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:28 - Fehler beim Herstellen der Internetverbindung. 10:44:28 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2012 04:44:38 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 10:44:33 - Fehler beim Herstellen der Internetverbindung. 10:44:33 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:17 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:17 - Fehler beim Herstellen der Internetverbindung. 16:30:17 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 10:30:28 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 16:30:22 - Fehler beim Herstellen der Internetverbindung. 16:30:22 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:34 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:34 - Fehler beim Herstellen der Internetverbindung. 17:30:34 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 11:30:46 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 17:30:39 - Fehler beim Herstellen der Internetverbindung. 17:30:39 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:30:51 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:51 - Fehler beim Herstellen der Internetverbindung. 18:30:51 - Serververbindung konnte nicht hergestellt werden.. Error - 29.07.2012 12:31:02 | Computer Name = Thomas-Laptop | Source = MCUpdate | ID = 0 Description = 18:30:56 - Fehler beim Herstellen der Internetverbindung. 18:30:56 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 25.08.2011 09:40:22 | Computer Name = Thomas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 202 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 24.10.2012 08:11:16 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.10.2012 10:05:14 | Computer Name = Thomas-Laptop | Source = bowser | ID = 8003 Description = Error - 24.10.2012 10:12:22 | Computer Name = Thomas-Laptop | Source = BROWSER | ID = 8032 Description = Error - 24.10.2012 15:38:55 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:00:41 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:01:21 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst STRATO HiDrive Service erreicht. Error - 25.10.2012 10:01:21 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "STRATO HiDrive Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 25.10.2012 10:47:10 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.10.2012 10:47:50 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst STRATO HiDrive Service erreicht. Error - 25.10.2012 10:47:50 | Computer Name = Thomas-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "STRATO HiDrive Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > [/code] |
25.10.2012, 18:57 | #11 |
/// the machine /// TB-Ausbilder | Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Java deinstallieren und neue Version 7 Update 9 installieren. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 19:30 | #12 |
| Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Das war schon der ganze Zauber? Supi! Danke dir! |
25.10.2012, 20:38 | #13 |
/// the machine /// TB-Ausbilder | Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom Ja war es AdwCleaner öffnen > Uninstall. Tool-Bereinigung mit OTC Bitte lade Dir OTC von OldTimer herunter.
Ende
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Prüfen ob alles in Ordnung - Teil 2 Brief von der Telekom |
adobe, audacity, autorun, bho, brief, canon, converter, explorer, firefox, flash player, format, gesperrt, helper, hijack, hijackthis, iexplore.exe, incredibar toolbar, install.exe, kaspersky, logfile, mozilla, mp3, object, plug-in, port, realtek, registry, richtlinie, rundll, software, svchost.exe, udp |