| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win7 nur noch im abgesicherten Modus startbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.11.2012, 11:33
| #1 | |
 |  Win7 nur noch im abgesicherten Modus startbar Hallo Zusammen, ich hab mir scheinbar etwas eingefangen. der Rechner lässt sich nur noch im abgesicherten Modus starten. Im "Normal"modus erscheint das grünlich-türkise Windows-Hintergrundbild und der Mauszeiger. Ansonsten wird nichts geladen. Hab im abgesicherten Modus Malwarebytes durchlaufen lassen und der hat auch einiges gefunden (log siehe unten). Ich nutze im übrigen Windows 7 IntelCore2Duo 2,13 GHz 4GB RAM 64 Bit Ich würde euch gerne hier noch die otl-logs hinzufügen, aber entweder funktioniert otl.exe im abgesicherten Modus nicht oder ein anderer fehler liegt vor. Mein OTL-Problem: OTL.exe hätte ich rein theoretisch noch vom letztenmal auf dem Desktop haben müssen - wurde mir aber nicht angezeigt, auch eine Windowssuche ergab keinen Treffer. Also hab ich das nochmal hier (hxxp://oldtimer.geekstogo.com/OTL.exe ) runtergeladen. Beim speichern wurde mir gesagt, dass die Datei jedoch schon existiere. Also habe ich sie überschreiben lassen. Da ich ja mit Rechtsklick "als Administrator" ausführen soll, habe ich sie nach download nicht starten lassen. Obwohl ich sie auf dem Desktop gespeichert hatte war sie da jedoch nicht zu finden (auch eine Windowssuche wieder ergbnislos). Also nochmal gedownloaded, wieder überschreiben lassen, aber diesmal nach dem Download auf "Ausführen" geklickt (also nicht im Admin-Modus geöffnet). Hab dann die von euch angegebenen Felder markiert und auf scan geklickt. Und .... nichts ist passiert. Das Programm reagierte nicht, ließ sich auch nicht mehr schließen (im Taskmanager wurde es allerdings als "wird ausgeführt" angezeigt). Also hab ich den Rechner im abgesicherten Modus nochmal neu hochgefahren. Plötzlich sind auf dem Desktop jede Menge .tmp-Dateien und eine desktop.ini Datei drauf. Hab dann OTL nochmal gedownloaded. Diesmal hab ich die Datei beim speichern in otl2 umbenannt und plötzlich erschien das Symbol auch auf dem Desktop. Nun konnte ich zwar im "Administratormodus" öffnen, aber auch da tut sich nichts, wenn ich auf "scan" drücke. Also, kann ich euch letztendlich mit meinem Wissensstand keine OTL-log liefern. Hier noch das Malwarebytes-Ergebnis: Zitat:
Danke für eure Hilfe Tropengift Nachtrag: Kaum hatte ich das Thema hier erstellt ploppten zwei Textdateien auf - die OTL-logs. Nun, scheinbar habe ich nicht bemerkt das OTL einen scan durchführte und das Programm beim erstenmal durch den Neustart zum Abbruch gezwungen. Das hat sicherlich die nun auf dem Desktop befindlichen .tmp-Dateien zur Folge. ich hoffe nur, dass ich dadurch jetzt nichts kaputt gemacht habe?! Nun ja, hier als o die logs: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.11.2012 11:42:19 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tropengift\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,48% Memory free
7,99 Gb Paging File | 7,32 Gb Available in Paging File | 91,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 97,85 Gb Free Space | 44,84% Space Free | Partition Type: NTFS
Computer Name: FLIWATÜT | User Name: Tropengift | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Tropengift\Desktop\OTL2.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BEB5DB54-92BA-4734-9408-042BF4671E79}
IE:64bit: - HKLM\..\SearchScopes\{BEB5DB54-92BA-4734-9408-042BF4671E79}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5BEED2CE-104E-4B79-BA8A-4FEB66CE7080}
IE - HKLM\..\SearchScopes\{5BEED2CE-104E-4B79-BA8A-4FEB66CE7080}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\SearchScopes,DefaultScope = {2B335232-9681-4976-B72D-6EE9F24D9688}
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\SearchScopes\{2B335232-9681-4976-B72D-6EE9F24D9688}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
IE - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.autocompletepro.com?si=10214"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.autocompletepro.com?si=10214&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.05 11:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 14:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.06.28 10:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Extensions
[2011.06.28 10:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.17 11:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\lo7fzu5p.default\extensions
[2011.11.18 12:15:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\lo7fzu5p.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.17 11:00:01 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\lo7fzu5p.default\extensions\software@loadtubes.com
[2012.06.17 20:46:35 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\lo7fzu5p.default\extensions\support@predictad.com
[2012.07.16 11:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\x59gnneh.ffa\extensions
[2012.07.16 11:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\x59gnneh.ffa\extensions\staged
[2012.06.17 20:46:35 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Tropengift\AppData\Roaming\mozilla\Firefox\Profiles\x59gnneh.ffa\extensions\support@predictad.com
[2012.08.12 10:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.28 20:28:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.05 11:54:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.03.23 12:40:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 13:43:36 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.17 20:46:35 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
O1 HOSTS File: ([2011.06.19 19:53:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Tropengift\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Tropengift\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000..\Run: [fbokupd] C:\Users\Tropengift\AppData\Roaming\MyFolder\fbokupd.exe ()
O4 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tropengift\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tropengift\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3091487683-4159434333-3036214256-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9590618F-9F6F-4882-A9BC-057B3C7CBBA4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9590618F-9F6F-4882-A9BC-057B3C7CBBA4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7A6C4AF-763E-48C3-BDC7-51D7AABB7788}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.09 10:59:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tropengift\Desktop\OTL2.exe
[2012.11.09 10:57:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tropengift\Desktop\OTL.exe
[2012.11.08 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\Tropengift\Documents\erotische Texte
[2012.10.30 14:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.25 21:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden
[2012.10.25 21:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
[2012.10.25 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duden
[2012.10.19 13:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.19 13:16:41 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.10.19 13:16:41 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.10.19 13:16:41 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.10.17 09:16:20 | 000,000,000 | ---D | C] -- C:\Users\Tropengift\Documents\vorschlägekalender2014
[2012.10.16 18:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.16 18:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2009.12.12 21:19:09 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Tropengift\AppData\Roaming\DataSafeDotNet.exe
[12 C:\Users\Tropengift\Desktop\*.tmp files -> C:\Users\Tropengift\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.09 11:11:33 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.09 11:11:33 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.09 11:11:33 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.09 11:11:33 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.09 11:11:33 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.09 11:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 11:05:42 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 10:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tropengift\Desktop\OTL2.exe
[2012.11.09 10:57:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tropengift\Desktop\OTL.exe
[2012.11.09 10:35:07 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.08 23:01:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.08 22:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.08 19:09:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 19:09:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 19:01:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.28 17:50:09 | 000,163,814 | ---- | M] () -- C:\Users\Tropengift\Desktop\Heimat i bin di so noah.pdf
[2012.10.26 13:44:40 | 000,003,072 | ---- | M] () -- C:\Users\Tropengift\Desktop\boom.gp5
[2012.10.26 09:55:38 | 004,978,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.24 12:12:04 | 000,003,716 | ---- | M] () -- C:\Users\Tropengift\Desktop\huhz.gp5
[2012.10.20 19:47:41 | 000,196,436 | ---- | M] () -- C:\Users\Tropengift\Desktop\CSV_Themenliste.pdf
[2012.10.19 09:11:33 | 000,030,220 | ---- | M] () -- C:\Users\Tropengift\Desktop\crawford.gp5
[2012.10.18 22:30:52 | 000,003,984 | ---- | M] () -- C:\Users\Tropengift\Desktop\blues.gp5
[2012.10.18 14:50:36 | 003,248,020 | ---- | M] () -- C:\Users\Tropengift\Desktop\Lebenslauf.pdf
[2012.10.16 16:47:50 | 000,006,886 | ---- | M] () -- C:\Users\Tropengift\Desktop\intro.gp5
[2012.10.16 10:53:37 | 000,049,783 | ---- | M] () -- C:\Users\Tropengift\Desktop\Rechnung_emonsverlag.pdf
[2012.10.10 17:28:32 | 000,022,871 | ---- | M] () -- C:\Users\Tropengift\Desktop\noonetoldus.gp5
[2012.10.10 12:38:12 | 000,022,414 | ---- | M] () -- C:\Users\Tropengift\Desktop\theytoldme.gp5
[12 C:\Users\Tropengift\Desktop\*.tmp files -> C:\Users\Tropengift\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.26 13:44:40 | 000,003,072 | ---- | C] () -- C:\Users\Tropengift\Desktop\boom.gp5
[2012.10.23 21:15:08 | 000,003,716 | ---- | C] () -- C:\Users\Tropengift\Desktop\huhz.gp5
[2012.10.20 19:47:40 | 000,196,436 | ---- | C] () -- C:\Users\Tropengift\Desktop\CSV_Themenliste.pdf
[2012.10.18 22:13:35 | 000,003,984 | ---- | C] () -- C:\Users\Tropengift\Desktop\blues.gp5
[2012.10.18 12:44:03 | 003,248,020 | ---- | C] () -- C:\Users\Tropengift\Desktop\Lebenslauf.pdf
[2012.10.16 21:41:53 | 000,030,220 | ---- | C] () -- C:\Users\Tropengift\Desktop\crawford.gp5
[2012.10.15 21:45:35 | 000,006,886 | ---- | C] () -- C:\Users\Tropengift\Desktop\intro.gp5
[2012.10.15 12:15:47 | 000,049,783 | ---- | C] () -- C:\Users\Tropengift\Desktop\Rechnung_emonsverlag.pdf
[2012.10.11 10:34:46 | 000,163,814 | ---- | C] () -- C:\Users\Tropengift\Desktop\Heimat i bin di so noah.pdf
[2012.10.10 16:47:02 | 000,022,871 | ---- | C] () -- C:\Users\Tropengift\Desktop\noonetoldus.gp5
[2012.02.28 23:10:07 | 000,007,602 | ---- | C] () -- C:\Users\Tropengift\AppData\Local\Resmon.ResmonCfg
[2012.01.24 11:50:31 | 000,000,000 | ---- | C] () -- C:\Users\Tropengift\defogger_reenable
[2011.01.25 20:00:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.13 00:33:53 | 000,000,180 | ---- | C] () -- C:\Users\Tropengift\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2010.11.15 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Canon
[2012.08.24 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.22 10:04:08 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.16 11:27:48 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\convert
[2011.01.27 12:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.20 13:43:28 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\FileZilla
[2012.08.03 01:07:31 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\FotoUpW3foto
[2012.07.16 11:27:49 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\loadtbs
[2012.09.03 10:26:53 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\MyFolder
[2012.01.24 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Nuance
[2011.07.08 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\PC Suite
[2012.08.22 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\PDAppFlex
[2011.06.19 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Reviversoft
[2012.08.20 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Scribus
[2012.08.23 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.12 20:19:53 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\TeamViewer
[2011.11.14 12:58:56 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Telefónica
[2009.12.13 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Template
[2011.06.28 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Thunderbird
[2012.08.19 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Windows Live Writer
[2012.01.24 11:21:16 | 000,000,000 | ---D | M] -- C:\Users\Tropengift\AppData\Roaming\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:A8AF8B49
< End of report >
und die Extras.Txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.11.2012 11:42:19 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tropengift\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,48% Memory free
7,99 Gb Paging File | 7,32 Gb Available in Paging File | 91,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 97,85 Gb Free Space | 44,84% Space Free | Partition Type: NTFS
Computer Name: FLIWATÜT | User Name: Tropengift | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149488D4-EF0B-4548-BEC1-C277FEECACA8}" = rport=138 | protocol=17 | dir=out | app=system |
"{16933118-4ACC-41E4-B80A-A63D3ABFA3A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E268E25-808F-4DD2-A073-897BFD7B9AC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{22CB8256-9AD8-4DEB-A94D-042ACB5264E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{230BEDB1-FE47-4159-A0FA-3C273291754F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25F61808-4A13-46BA-9573-343B4BD8F944}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A89B7A2-5926-469D-891A-0D019536AFD6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C391540-30A2-4E48-A048-B576512FD52E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CB12285-AE3E-4677-88F4-20D377533867}" = lport=139 | protocol=6 | dir=in | app=system |
"{2E160591-C208-4622-9980-97F7DBE93241}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E4BF95C-4580-42DA-9245-A7F38C5C18E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EA6DC0F-23FB-49A6-9D4E-71704DE4C7D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{457A81BC-B815-4218-8E2C-BB0B1E3F0267}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47B5ABE7-4E5E-4C52-A2DA-E597C1652FBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4977048F-76FC-4C10-85DB-69F602798972}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{575B0596-0AF2-4744-86BC-3412FC2BEFA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FB8CD2D-B3BA-439D-B1F1-28C057531CE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{65BF30EE-357D-41BC-9666-C3DB429DB4EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6702E907-BF94-4473-8619-0F078EBD7F23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A38264A-9E26-42D7-8228-3B0F85275925}" = rport=137 | protocol=17 | dir=out | app=system |
"{7E616CB1-CAC8-4A31-BF78-277F7238910F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7FBDC0CC-0AF8-447A-A2BA-C7B7DB50DE85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6A28041-FBF2-4928-B936-744FD6F85268}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD49DE29-8D58-4FF8-9858-9225B20768D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD979281-91B6-4932-A0AA-63579989470E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3459441-B2A3-4B55-9B05-8F5499FA827D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2CC83CF-0C71-4490-AF51-C8227FDBFCD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB701EB4-6035-4300-82D1-5972D33A5926}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0B2D894-DAE0-40C1-A646-82E22D7F0024}" = lport=445 | protocol=6 | dir=in | app=system |
"{E293E419-F8B2-4983-9D61-7DFD0073F875}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1D4B778-929E-4CBD-AD60-4BDE78E8DD3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB0508FC-2DBF-4E90-94BE-18A361F7DB6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB13F742-BFF9-42B9-8CDB-594AF61E4523}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00860386-3BC5-4095-9AD5-7338E8230F4D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{0418F0DF-380F-4D6C-8B41-2A2D17A60C5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D50DBCA-F6B7-40D4-93BE-F1A28BAD07FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{356ABD21-D166-498F-A966-F44C071EAC11}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{40D2C7AD-46C2-421E-BD2C-AF65C4229585}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44F1AD71-8417-4204-AC59-FBAC305A3E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4832423B-8E9F-4EBA-BFDE-46BCB2BC8348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{483368DA-92BE-4625-9F5C-99A3ADC703BB}" = protocol=58 | dir=in | app=system |
"{490A1F39-C7B9-4184-82BA-5573719E3511}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{541D6A24-9EB9-46A7-AEC1-3C3EB656B107}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F6F7F2C-B039-403F-A6DE-D8BF046DBB1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FB392FB-F936-46BD-9AC5-85EAD5E96A71}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{63C123EA-B9D0-4A3B-A353-E11A8A6272CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6464E39E-DF65-408D-8E97-64D1130A1510}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{681E6433-E79F-452F-AFC1-624B1CE8AF64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{690F6DE1-10E5-40FD-9391-0EC640EB42CE}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{6C85B03F-419B-47B8-9C13-41128E00CB03}" = protocol=6 | dir=out | app=system |
"{6EE35A12-2C27-4C5C-8EAC-C24149B7C2A2}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{7D177200-5729-4256-AE19-044ADB84BCA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8DABC3FE-337E-48CB-AAAD-AC622DE2DCE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E3D32DE-C892-4397-8D00-1CC0CDECBA2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{904EB89C-EE0E-4618-A7DE-B2C1887C0B09}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{B9C515E7-C9A5-4B46-8C93-357F0BB0ECA3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2AB0FA4-4B40-4A9B-9790-9F9A39F5BD70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3362F3C-D164-47C3-B790-09C812933101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4369BF-47A9-4547-8905-B20C4BCC596A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D06637FA-3FEF-4956-BA34-C3768FD967BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3E17F3D-F8A6-43CA-9C0D-D7F61FE4797C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{D917AF23-B344-4CF1-BF97-7153BBFBD209}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E7645A85-4A0A-4A86-A138-78D86DC6C03A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E85196B7-A019-4726-AE9D-FED215881BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{E988025F-25D3-4894-8DFD-EC229CB26796}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{EDCA1897-F0A3-4CD9-94A9-5C2CE989F641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F2CD1EEE-3654-479B-8A90-86247344EB36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4681AC2-9B28-419D-B8DD-CB3D0F3087F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F48AEA28-7A0D-416F-B948-D39408CC7063}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94490075-155F-4D08-B92D-4FE592F98591}" = Nokia Ovi Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7C6232C-C6E0-A037-38D3-0DA7ABC5840B}" = FotoUP_w3foto.de
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ASIO4ALL" = ASIO4ALL
"AutocompletePro3_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Webcam Central" = Dell Webcam Central
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.0
"FLV Player" = FLV Player 2.0 (build 25)
"FotoUpW3foto" = FotoUP_w3foto.de
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"IL Download Manager" = IL Download Manager
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"o2DE" = Mobile Connection Manager
"Scribus 1.4.1" = Scribus 1.4.1
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3091487683-4159434333-3036214256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2012 13:35:32 | Computer Name = Fliwatüt | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1bdc Startzeit: 01cdb9e9813850eb Endzeit: 28 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 03.11.2012 13:35:36 | Computer Name = Fliwatüt | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503754ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0x1784 Startzeit der fehlerhaften Anwendung: 0x01cdb9e9a074d632
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: dfced8e4-25dc-11e2-bf8f-0025645f2600
Error - 03.11.2012 19:17:26 | Computer Name = Fliwatüt | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503754ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0x1638 Startzeit der fehlerhaften Anwendung: 0x01cdba1960b1e714
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a0e62058-260c-11e2-bf8f-0025645f2600
Error - 04.11.2012 14:41:08 | Computer Name = Fliwatüt | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1554 Startzeit: 01cdbabbda2b2c28 Endzeit: 13 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 27568677-26af-11e2-b38f-0025645f2600
Error - 04.11.2012 18:05:34 | Computer Name = Fliwatüt | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503754ef Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0xc7c Startzeit der fehlerhaften Anwendung: 0x01cdbad880996ead
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: c0e54efb-26cb-11e2-b38f-0025645f2600
Error - 07.11.2012 03:50:36 | Computer Name = Fliwatüt | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000005976f9d
ID
des fehlerhaften Prozesses: 0x50c Startzeit der fehlerhaften Anwendung: 0x01cdbcb88391c163
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: d08feee0-28af-11e2-b477-0025645f2600
Error - 07.11.2012 05:23:21 | Computer Name = Fliwatüt | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 07.11.2012 05:24:43 | Computer Name = Fliwatüt | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 07.11.2012 05:25:05 | Computer Name = Fliwatüt | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 08.11.2012 15:20:28 | Computer Name = Fliwatüt | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000059e6f9d
ID
des fehlerhaften Prozesses: 0x4e8 Startzeit der fehlerhaften Anwendung: 0x01cdbddb1b04a1c6
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 5a7fd890-29d9-11e2-8176-0025645f2600
[ Broadcom Wireless LAN Events ]
Error - 17.09.2012 18:29:16 | Computer Name = Fliwatüt | Source = WLAN-Tray | ID = 0
Description = 00:29:16, Tue, Sep 18, 12 Error - Unable to decode string, error 87
Error - 23.10.2012 05:35:08 | Computer Name = Fliwatüt | Source = WLAN-Tray | ID = 0
Description = 11:35:05, Tue, Oct 23, 12 Error - Unable to gain access to user store
Error - 03.11.2012 04:07:08 | Computer Name = Fliwatüt | Source = WLAN-Tray | ID = 0
Description = 09:07:07, Sat, Nov 03, 12 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 29.11.2011 13:36:26 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 18:36:26 - Fehler beim Herstellen der Internetverbindung. 18:36:26
- Serververbindung konnte nicht hergestellt werden..
Error - 29.11.2011 13:36:32 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 18:36:31 - Fehler beim Herstellen der Internetverbindung. 18:36:31
- Serververbindung konnte nicht hergestellt werden..
Error - 15.01.2012 16:27:55 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 21:27:55 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)
Error - 17.01.2012 09:58:00 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 14:57:48 - MCESpotlight konnte nicht abgerufen werden (Fehler: Der
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 17.01.2012 09:58:24 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 14:58:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 17.01.2012 09:58:41 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 14:58:36 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 14.07.2012 06:22:36 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 12:22:36 - Fehler beim Herstellen der Internetverbindung. 12:22:36
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2012 06:22:45 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 12:22:41 - Fehler beim Herstellen der Internetverbindung. 12:22:41
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 06:29:58 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 12:29:58 - Fehler beim Herstellen der Internetverbindung. 12:29:58
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 06:30:13 | Computer Name = Fliwatüt | Source = MCUpdate | ID = 0
Description = 12:30:04 - Fehler beim Herstellen der Internetverbindung. 12:30:04
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 09.11.2012 06:34:57 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:37:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:37:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:37:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:42:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:42:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:42:05 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:44:11 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:44:11 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.11.2012 06:44:11 | Computer Name = Fliwatüt | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Sorry, für die Umstände Geändert von Tropengift (09.11.2012 um 11:51 Uhr) |
| Themen zu Win7 nur noch im abgesicherten Modus startbar |
| administrator, anti-malware, appdata, autostart, datei, desktop, desktop.ini, download, explorer, fehler, firefox, html, install.exe, intranet, loadtbs-3.0, log, malwarebytes, microsoft, mozilla, nach download, neu, nodrives, plug-in, programm, rechner, rechtsklick, richtlinie, scan, schließen, software, taskmanager, version., win7, windowssuche |
Baum-Darstellung