Pests of all kinds and how to fight them: Computer keeps freezing - Trojan? (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.

#1
Computer keeps freezing - Trojan?

Hey,

as already described in the title, my PC keeps freezing. Sometimes at startup/after logging in, only a completely black screen appears at first, then a white one, and so it takes a while before I can actually work with the computer. (It can take up to half an hour or 3/4 of an hour. A bit silly for this day and age.) Most of the time it freezes every 2 minutes, and even the Task Manager then stops responding (which is pretty depressing). It is slow and freezes not only on the Internet but also when I want to look at a picture, move a file to the recycle bin, and so on and so on...

So I looked around here in the forum a bit, downloaded Malwarebytes and ran a full scan. Surprise, surprise, of course infected files were found. Since it is said that you should under no circumstances adopt suggested solutions from other threads, I would find it wonderful if someone could help me. Above all for work that is coming up soon, I need a PC that works flawlessly (it doesn't even have to be completely). Many, many thanks in advance!
(If the problem gets fixed, or if anyone takes the time at all, I will send, in thought, a basket full of muffins or alternatively a crate of beer.)

Here is the result from the anti-malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Holly :: HOLLY-PC [Administrator]

Schutz: Aktiviert

12.11.2012 18:35:00
mbam-log-2012-11-12 (18-35-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366418
Laufzeit: 1 Stunde(n), 8 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Holly\AppData\Local\Temp\nsd7C52.tmp\InstallManager.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\CatLickingScreenCleaner.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\LickingDogScreen_downloader(1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\LickingDogScreen_downloader.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And from OTL:
Ltd ) -- C:\Users\Holly\Documents\PDFXVwer.exe [2012.10.28 13:48:57 | 000,373,456 | ---- | M] (Softonic) -- C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe ========== Files Created - No Company Name ========== [2012.11.12 20:07:48 | 000,000,110 | -H-- | C] () -- C:\Users\Holly\Desktop\.~lock.Trojaner.odt# [2012.11.12 19:49:10 | 000,022,453 | ---- | C] () -- C:\Users\Holly\Desktop\Trojaner.odt [2012.11.12 18:41:25 | 000,050,477 | ---- | C] () -- C:\Users\Holly\Desktop\Defogger.exe [2012.11.12 18:33:38 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.12 10:37:47 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.12 10:36:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.10 18:46:21 | 000,010,562 | ---- | C] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.09 19:30:17 | 000,127,237 | ---- | C] () -- C:\Users\Holly\Desktop\Praktikum_2013.pdf [2012.11.03 12:52:18 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.28 18:05:34 | 000,076,015 | ---- | C] () -- C:\Users\Holly\Documents\397340_453006064738454_624886939_n.jpg [2012.10.28 18:05:29 | 000,074,900 | ---- | C] () -- C:\Users\Holly\Documents\486675_453006088071785_188558932_n.jpg [2012.10.28 18:05:24 | 000,061,459 | ---- | C] () -- C:\Users\Holly\Documents\26630_453013251404402_358415169_n.jpg [2012.10.28 18:05:16 | 000,064,711 | ---- | C] () -- C:\Users\Holly\Documents\525011_453197651385962_1340122972_n.jpg [2012.10.28 18:05:09 | 000,038,592 | ---- | C] () -- C:\Users\Holly\Documents\229797_453197671385960_1444828907_n.jpg [2012.10.28 18:04:18 | 000,123,342 | ---- | C] () -- C:\Users\Holly\Documents\527272_453197751385952_25683797_n.jpg [2012.10.10 12:12:00 | 000,002,088 | ---- | C] () -- C:\Users\Holly\.recently-used.xbel [2012.06.03 17:52:04 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe 
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.05.02 17:17:45 | 000,000,093 | ---- | C] () -- C:\Users\Holly\AppData\Local\fusioncache.dat [2012.05.02 17:16:24 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.24 09:34:15 | 000,005,120 | ---- | C] () -- C:\Users\Holly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.21 22:33:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.03.08 13:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Devices [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic [2012.03.08 13:05:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.08 13:05:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices [2012.03.04 20:36:58 | 000,013,078 | ---- | C] () -- C:\Windows\wininit.ini [2012.02.27 11:42:38 | 000,000,432 | ---- | C] () -- C:\Users\Holly\AppData\Local\HamsterVideoConverterSettings.cfg [2012.02.04 19:47:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.02.03 15:48:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.07 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\3v [2012.07.15 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\A2 
Entertainment [2012.03.21 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Alawar [2012.07.16 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\aliasworlds [2012.07.05 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Artifex Mundi [2012.03.21 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Be a King 2 [2012.03.24 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Boolat Games [2012.07.01 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\DailyMagic [2012.02.12 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\eMachines Drivers Update Utility [2012.03.24 23:20:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ERS G-Studio [2012.10.01 18:27:45 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ewycm [2012.04.22 12:39:14 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\FileZilla [2012.10.01 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Fituih [2012.03.23 11:51:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\GameInvest [2012.09.26 13:17:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\gtk-2.0 [2012.10.04 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Hero [2012.06.19 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ICQ [2012.03.08 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Islands2 [2012.10.01 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Isuk [2012.07.04 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Lazy Turtle Games [2012.07.12 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech [2012.02.05 12:14:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\MAGIX [2012.07.01 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Maximize Games [2012.03.08 13:31:45 | 000,000,000 | ---D | M] -- 
C:\Users\Holly\AppData\Roaming\Nikon [2012.10.11 10:21:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Nokia [2012.02.04 20:08:23 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\OpenOffice.org [2012.02.11 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Opera [2012.10.10 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PC Suite [2012.08.13 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\pdfforge [2012.03.05 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Peace Craft [2012.03.04 23:48:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PeaceCraft3 [2012.03.27 10:45:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ph03nixNewMedia [2012.07.03 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PlayFirst [2012.07.17 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Playrix Entertainment [2012.08.13 09:57:18 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Samsung [2012.02.14 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Sony [2012.03.26 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\SulusGames [2012.09.27 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Systweak [2012.10.04 12:17:49 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Taba [2012.10.04 12:43:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Teca [2012.03.25 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Top Evidence [2012.02.09 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ViquaSoft [2012.03.07 11:07:02 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\WendigoStudios [2012.03.28 10:46:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\YoudaGames [2012.08.13 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Samsung ========== Purity Check ========== 
========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:AEEC88F6 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E9900C74 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AE289451 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:C9BC8592 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:393F7B1E @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A6B07419 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2B9555D8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C9B27A06 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4B244549 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:474022C7 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:04ADB7A6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:03D08225 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:751D6870 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3591DDB @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:30E0D641 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:47A24D4B @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E5F8E280 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:27F44544 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3C0887BF @Alternate Data Stream 
- 129 bytes -> C:\ProgramData\TEMP:73B78E79 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AC0528D9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FECEF728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B07E6F4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5BA9ADD @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:99C301D0 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35629AE6 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:063969F8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:15752405 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:3766E957 < End of report > OTL Extras OTL Extras logfile created on: 12.11.2012 20:07:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,26% Memory free 6,00 Gb Paging File | 4,38 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,41 Gb Total Space | 859,11 Gb Free Space | 93,64% Space Free | Partition Type: NTFS Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B3DBFDA-0444-44C9-8B9D-868BD1248003}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BD6999D-B982-49F7-9D40-D523356D4977}" = lport=137 | protocol=17 | dir=in | app=system | "{0FDE3E21-5A5D-4664-B55E-C02E3245490B}" = rport=139 | protocol=6 | dir=out | app=system | "{11997C98-C340-48B6-9A3B-95FC6778084E}" = rport=138 | protocol=17 | dir=out | app=system | "{11CC0787-B9E1-4723-9AF0-870F3BEA6588}" = lport=2869 | protocol=6 | dir=in | app=system | "{177C2D56-F32F-46E4-BFF9-5F50113D5198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2443997D-39EB-4C0D-AE90-4F7DF9F7990E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{2EB8885B-0410-4355-9BC0-2BF8DEAA62FB}" = rport=137 | protocol=17 | dir=out | app=system | "{4B46EB79-12FE-4F2A-91D8-3B149994835A}" = rport=445 | protocol=6 | dir=out | app=system | "{4BB960F0-6B01-45B1-A716-BEE68BAD3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4CFE1AD3-67F3-45E7-81DD-1CA4C1CA4936}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52A9CB31-C4A4-4CC9-8DD4-B3DE236C4019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63581111-8B58-4C9A-BA59-F86DBB601E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{657BCB93-69B9-48C0-B9A9-42A49ADD4415}" = lport=139 | protocol=6 | dir=in | app=system | "{679119ED-D2D2-4FB2-B3F1-A31476781673}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D12D772-BD53-4045-8E48-E39570D14F04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E12649F-5607-477D-8747-6621D0405200}" = lport=2869 | protocol=6 | dir=in | app=system | "{71569EF8-594D-4020-95F3-D064090741EC}" = rport=5355 | 
protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7EAD29FA-CA7F-431B-B50B-A6B516C9433A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87497B38-C438-4249-B179-97C59AB69FBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DD2D3EA-778A-426E-A9E8-9A22A5CF372C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8FDDB1D6-461C-46B0-8C34-B2699F7ADBB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{915E6490-678A-4ACD-89F3-C13A4BCD39D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{946E212C-1B4F-4B8C-AE76-D411DD593AF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{949872DA-F687-4181-ACE6-3F81E01C224D}" = rport=10243 | protocol=6 | dir=out | app=system | "{A1DEB659-B539-406B-AE65-6CD230FD88D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9D4CC51-793C-49BE-AE5B-20AF3A56D9C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF0F5924-2F10-4C4A-9320-EA17901AD405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C476D948-34AE-4DCE-B7D2-AC20F3CA0C87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD6CB58C-96A4-42DE-BBEA-FE54F8BFED52}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{D334148B-FBCD-47A5-ACF8-D8979234F260}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D9327A3D-1C46-4BE8-90F6-F8782ED364E8}" = lport=138 | protocol=17 | dir=in | app=system | "{DF27A6DB-4ADB-4DBB-95CE-81E68F5E1D5A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{F3551E64-4756-4AC5-A0E0-7D014B345E90}" = lport=445 | 
protocol=6 | dir=in | app=system | "{FA621F5F-0A65-4034-889D-C060C4FCCA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD5FDB4C-F692-4085-B645-275F800FF387}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036F2CA4-2152-4989-BBED-E6A71149B7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{05D5DC64-8D43-4037-8C92-5125BC52FE43}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{087BD802-3F91-492E-8AAF-8B4104C34E2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{095BB923-7F87-450D-A34E-5D8D61D4970F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D0F5963-11CD-4F70-832D-077A9C989F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{0DC585B8-1B3C-4C42-AC9C-462C1EA125E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{0F2B777B-EA02-462B-A84D-7BA6A26B944B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{14DACBCA-B089-487B-9833-A7FAF10BF737}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{174D1878-96A8-4938-B4BB-225B4F3878E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1BD3F9CD-C4A6-4F82-9DAF-631810AC0834}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1BFD5554-F7C7-47B4-BEDA-6F8ABCA01449}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1CB598E7-6FD9-4E5E-8051-648E2AF46AB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1F673594-66FE-4D29-9142-9627423CD599}" = 
protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{26FF9933-6442-41AA-AC5A-39FC5D2AD34E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{2848522C-EB25-40A3-9084-9450D35D08BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{28D25042-1B5C-4B90-8B71-D6490ABFAB11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{29114D44-D833-47FF-B2F4-9B8202A38D92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{29F29B48-8BED-44FF-BB34-8C77117AA009}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2AAD3FE4-2835-4C08-9D90-ABDEC137CFDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2E17A58E-6B54-45C5-9149-D9FA845D4FCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{30EDE398-7FEE-4660-979F-ED93BE7CDF11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32988AB2-3B18-4BC8-B964-332DC0A9D059}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33D9063D-F11C-4AFF-8903-A50206398254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{395F3F72-E463-4398-A9F3-5AFABB30831D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3CC14A62-1A19-479D-A397-2B458E941397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5CE9000E-7793-47C5-AB09-C2D3515D9D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | "{603B2745-FD5A-41BE-8E76-2B9A8232CD01}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6746F7A3-D622-4931-AD1E-DB4C7A512751}" = protocol=6 | dir=out | app=system | "{68FB0663-63FF-4007-8B5A-5E2129C0C2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{6CAC2253-50EF-4F88-A91A-8EEB2EAEAAB0}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{708E6793-9FD2-4047-8F2C-376403C04918}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | "{71CC7D71-0D9C-4701-8E89-A1E6DD74C1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{75257F08-58F6-4F48-AE15-22ADB9462D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{756CA6A3-ABD0-4B0E-86AB-D6EFC0E89987}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{7B76BC88-4840-4F4F-A933-5FB63C0C4C7A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{8A999F48-5462-48EF-B625-A81F58DD4B52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8B0B8143-50E1-42F6-B5D8-513524538DF8}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{9194BEC6-7FFA-4B29-9846-8F6DC81D43D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9276E005-8DDD-4FA4-A9BC-E2CB992BB644}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{93C9662B-BC7E-491C-AE1E-1520F91E9440}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9B7B881F-23B7-4699-96F1-4AE7380520DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9BD60B84-9CF7-4184-8587-C4D2D7FBB8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9CFE09D1-832A-4293-AEC6-358B718BDD87}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{9F020372-1CED-4EB7-806D-E4F2BB2677CB}" = protocol=17 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe | "{A52AA55E-5675-47CE-95AF-BDC92A2BBC18}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B462FCE4-2F06-47F6-BF91-75A5734D6B3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B62A4A38-5743-4675-9D92-32E1FA32EA06}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{BD9BC4C4-25A9-4C30-AAFB-B0F287A04DA6}" = protocol=6 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe | "{C708378F-FA00-4EC6-B295-788FCC2703E1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CC61D8B8-2F46-47C6-A5ED-65DB53FF7B64}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{CCB23B3A-19F6-48E3-808E-0454A8E88364}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{D0631B2B-46D9-4297-9A05-08CED0BC26BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D83DD9DB-C701-4F2D-A68E-806851534F97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{D969251B-133B-4993-A64F-B46C8446C1F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9D525DA-261F-4361-9D2E-9BF65D7D45A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D9E4FB79-F32E-4E9F-A820-8B8FBD4A90D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA235B6D-0F78-4645-9AEB-88E9A2370345}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DA5F27CC-67DB-446B-A719-A668484CF461}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{DD8A503F-3380-4520-861D-433A4A2643C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E116897C-CFBE-4629-A251-1EDE56FA825D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E290888F-989C-497B-9EE7-73B982226B12}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F3F96D9F-ED9F-4F6C-B086-DFB5C86CE811}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{F42B01A9-ACE3-4793-8388-5294BE17ED36}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query 
User{6B0A90A5-347F-4C09-80E7-05BB4E8775F5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{37C07ED4-7D4B-4201-8E8B-C41303997472}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A7096369-9332-466C-8357-08770CDCE277}" = HP 
Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "CCleaner" = CCleaner "lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinGimp-2.0_is1" = GIMP 2.6.8 "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{092D4427-C1D9-43C0-B1BB-C8BCFE67D5C0}" = Windows Tweaker 4.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update 
"{7CC4C262-FE40-433D-A8B4-CC3EE18032CE}_is1" = Fallen City version 1.0 "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher 
MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 300N X2 USB Wireless LAN Driver and Utility "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6 "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}" = Nero 9 Essentials "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BFGC" = Big Fish Games: Game Manager "eMachines Drivers Update Utility_is1" = eMachines Drivers Update Utility "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "Harvey" = Harveys Neue Augen Demo "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Opera 12.10.1652" = Opera 12.10 "Samsung ML-2950 Series" = Samsung ML-2950 Series "Samsung Printer Live Update" = Samsung Printer Live Update "VLC media player" = VLC media player 2.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "RadarSync PC Updater 2011" = RadarSync PC Updater 2011 (driver updates & patches) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim 
Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 24.10.2012 10:24:42 | Computer Name = Holly-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454, Zeitstempel: 0x4f5ecbd4 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x6dd08ce3 ID des fehlerhaften Prozesses: 0xb2c Startzeit der fehlerhaften Anwendung: 0x01cdb1e999e58e78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll Berichtskennung: 8c8b6964-1de6-11e2-9e0d-002511659ce9 Error - 25.10.2012 06:27:51 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.10.2012 06:28:56 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
[ System Events ] Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.07.2012 19:23:30 | Computer Name = Holly-PC | Source = DCOM | ID = 10010 Description = Error - 30.07.2012 19:01:33 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FontCache3.0.0.0 erreicht. Error - 31.07.2012 03:12:34 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 02.08.2012 05:25:45 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NVIDIA Update Service Daemon erreicht. 
Error - 02.08.2012 05:26:48 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.08.2012 05:33:26 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. < End of report >