| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Firewall wird immer wieder unbemerkt deaktiviertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2012, 21:59
| #46 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows Firewall wird immer wieder unbemerkt deaktiviert Edit: Code:
ATTFilter Scan Mode: Current user
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.12.2012, 00:12
| #47 |
 | Windows Firewall wird immer wieder unbemerkt deaktiviert oh nein!!! jetzt alles nochmal???
__________________ ich habe jetzt grade die combofix fertig  und währenddessen konnte ich ja nix lesen[code] Combofix Logfile: Code:
ATTFilter ComboFix 12-12-04.01 - Denise 04.12.2012 23:42:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1119 [GMT 1:00]
ausgeführt von:: c:\users\Denise\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\ssv.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-04 bis 2012-12-04 ))))))))))))))))))))))))))))))
.
.
2012-12-04 22:58 . 2012-12-04 23:01 -------- d-----w- c:\users\Denise\AppData\Local\temp
2012-12-04 22:58 . 2012-12-04 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 22:58 . 2012-12-04 22:58 -------- d-----w- c:\users\Celine\AppData\Local\temp
2012-12-04 13:05 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78148073-833C-42D6-810C-DEBBAC9068EE}\mpengine.dll
2012-11-28 14:54 . 2012-11-28 14:54 -------- d-----w- c:\programdata\Canneverbe Limited
2012-11-28 14:54 . 2012-11-28 14:54 -------- d-----w- c:\users\Denise\AppData\Roaming\Canneverbe Limited
2012-11-28 14:54 . 2012-11-28 14:54 -------- d-----w- c:\program files\CDBurnerXP
2012-11-27 13:56 . 2012-11-27 13:56 -------- d-----w- c:\users\Denise\AppData\Roaming\Malwarebytes
2012-11-27 13:55 . 2012-11-27 13:55 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 13:55 . 2012-11-27 13:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-27 13:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-24 09:56 . 2012-10-08 07:48 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-24 09:56 . 2012-10-08 07:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-23 16:49 . 2012-11-23 16:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 16:52 . 2010-05-10 11:03 21320 ----a-w- c:\windows\system32\authuitu.dll
2012-11-20 16:52 . 2010-05-10 11:03 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2012-11-20 16:49 . 2010-05-10 11:09 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-20 16:46 . 2012-11-20 16:52 -------- d-----w- c:\program files\TuneUp Utilities 2010
2012-11-19 17:40 . 2012-11-19 17:41 -------- d-----w- c:\programdata\Fugazo
2012-11-19 17:32 . 2012-11-19 17:32 -------- d-----w- c:\program files\astragon
2012-11-16 13:35 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 13:26 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-12 17:23 . 2012-11-12 17:23 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-12 17:23 . 2012-11-12 17:23 -------- d-----w- c:\program files\Symantec
2012-11-12 17:23 . 2012-11-12 17:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-12 17:23 . 2012-11-25 23:38 -------- d-----w- c:\windows\system32\drivers\NSM
2012-11-12 17:23 . 2012-11-12 17:23 -------- d-----w- c:\program files\Norton Family
2012-11-12 17:23 . 2012-11-12 17:23 -------- d-----w- c:\program files\NortonInstaller
2012-11-12 16:53 . 2012-11-12 17:23 -------- d-----w- c:\programdata\Norton
2012-11-07 14:41 . 2012-11-07 19:45 -------- d-----w- c:\users\Denise\Filme
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 16:49 . 2011-06-20 14:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-08 13:02 . 2012-09-07 20:58 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-07 05:51 . 2012-04-22 18:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 05:51 . 2011-06-15 14:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-24 22:16 . 2012-09-17 19:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-13 13:28 . 2012-10-10 06:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-03 12:59 . 2012-04-30 13:19 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 05:51]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 18:50]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 18:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.msn.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\xmour6lv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-11-17 12:05; {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}; c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw
FF - ExtSQL: 2012-11-22 23:14; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-05 00:01
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSM]
"ImagePath"="\"c:\program files\Norton Family\Engine\2.6.0.52\ccSvcHst.exe\" /s \"NSM\" /m \"c:\program files\Norton Family\Engine\2.6.0.52\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-12-05 00:04:39
ComboFix-quarantined-files.txt 2012-12-04 23:04
ComboFix2.txt 2012-12-01 17:20
.
Vor Suchlauf: 21 Verzeichnis(se), 42.515.501.056 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 42.478.424.064 Bytes frei
.
- - End Of File - - 10D9BA51EA70E55EC1C3E0826DF05F2A
|
|
05.12.2012, 00:20
| #48 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall wird immer wieder unbemerkt deaktiviert Verdammt ich hab mich verklickt bei meinen Bausteinen
__________________ Klären wir morgen, ich muss jetzt in meinem königlichen Gemach verweilen 
__________________ |
|
05.12.2012, 00:22
| #49 |
| | Windows Firewall wird immer wieder unbemerkt deaktiviert Danke Dir für die umfangreiche Hilfe!!! Dann mal guts Nächtle und nette Träume! Ich muss auch dringend in die horizontale  |
|
05.12.2012, 12:03
| #50 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall wird immer wieder unbemerkt deaktiviert So, dann mach das OTL-Log mal neu und richtig
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2012, 14:06
| #51 |
| | Windows Firewall wird immer wieder unbemerkt deaktiviert OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.12.2012 13:40:06 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denise\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,08% Memory free 4,21 Gb Paging File | 2,91 Gb Available in Paging File | 69,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,00 Gb Total Space | 39,52 Gb Free Space | 33,21% Space Free | Partition Type: NTFS Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,71% Space Free | Partition Type: FAT32 Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Denise\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Norton Family\Engine\2.6.0.52\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (NSM) -- C:\Program Files\Norton Family\Engine\2.6.0.52\ccSvcHst.exe (Symantec Corporation) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgfws) -- C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mailKmd) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Denise\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (ccSet_NSM) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys (Symantec Corporation) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys (Symantec Corporation) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.msn.de/ [binary data] IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/ IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7B 82 CA 63 D4 CB 01 [binary data] IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes,DefaultScope = Live Search IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_de IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{E3FCDD0E-5495-4FB5-B232-A90628C3FEA9}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGEP IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9 FF - prefs.js..extensions.enabledAddons: %7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.0.3 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B6D5C8FC4-DE46-41bf-9092-93F0F78E9115%7D:2.6.0.52 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 18:23:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.24 15:22:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2012.12.05 13:23:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.03 13:59:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 23:21:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2011.07.04 16:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Extensions [2012.05.17 11:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions [2012.05.17 11:44:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.30 14:19:55 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.04 18:20:16 | 000,001,610 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\ixquick-https---deutsch.xml [2012.02.15 18:03:18 | 000,002,422 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-byskipity-de.xml [2012.01.19 13:38:59 | 000,002,135 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-de.xml [2012.11.23 15:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.30 13:32:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.05 13:23:21 | 000,000,000 | ---D | M] (Norton Family) -- C:\PROGRAMDATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.6.0.43\COFFFW [2012.09.24 15:22:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2009.09.01 16:10:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.12.03 13:59:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.24 15:21:42 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.06.27 06:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.23 19:52:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.27 06:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.27 06:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.27 06:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.27 06:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - Extension: AVG Secure Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\ CHR - Extension: YouTube = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ CHR - Extension: AVG Do Not Track = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Google Mail = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.12.05 00:01:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Programme\Norton Family\Engine\2.6.0.52\coieplg.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.05 13:41:05 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F48D36B6-438C-487C-819A-2FA35E6D0BF8} [2012.12.05 00:04:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.05 00:04:41 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\temp [2012.12.04 23:40:24 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.12.04 23:35:28 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\ComboFix.exe [2012.12.04 23:03:47 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3F144FA1-38E3-44D2-901B-681576C8E3C7} [2012.12.04 06:54:49 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{9AD61E9B-D447-4D60-B1FC-FA1EF4894409} [2012.12.03 13:49:08 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{697A4C24-F498-431E-A639-ADBCCAF439A7} [2012.12.01 02:45:02 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{B11774A4-49F1-4F0A-A3CE-A57F11CCA537} [2012.11.29 20:49:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.29 20:49:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.29 20:49:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.29 20:49:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.29 20:48:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.29 19:55:07 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.29 13:59:49 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{76F4FC14-1CF9-4D13-8150-60C9626CB587} [2012.11.28 18:34:00 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{131D264E-4C76-48FE-BA0D-3E19F323E5A1} [2012.11.28 15:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.11.28 15:54:39 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Canneverbe Limited [2012.11.28 15:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.11.27 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Malwarebytes [2012.11.27 14:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 14:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 14:55:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.27 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.26 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{6A526607-F3B6-402D-AA23-26134FF18592} [2012.11.25 23:23:10 | 000,202,144 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys [2012.11.25 23:23:09 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys [2012.11.25 23:23:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM\0206000.034 [2012.11.25 23:10:55 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{99EE0528-90C8-4427-8AA5-2E71AF03D139} [2012.11.25 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3CAE899F-CF32-475D-A283-A46948E11563} [2012.11.24 10:56:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.24 10:56:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.23 17:50:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.23 17:49:43 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.23 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{1BA53757-F880-4557-88B6-489BF1116B34} [2012.11.22 23:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.11.22 23:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.11.22 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{5201D3EE-30A2-4463-82D6-8D0A951F1B9E} [2012.11.21 16:05:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{374F8F64-6E2B-4DEF-8480-3983EAA63A36} [2012.11.20 17:52:07 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2012.11.20 17:52:07 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.11.20 17:49:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.11.20 17:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities [2012.11.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010 [2012.11.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{41E519CC-5C45-4CBE-A95D-686DA58A944C} [2012.11.19 18:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2012.11.19 18:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Committed – Das Geheimnis von Shady Pines [2012.11.19 18:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\astragon [2012.11.18 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F09D83D0-748C-4A4A-A2E6-1744C5FCD45A} [2012.11.17 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{DD27ABA4-FBF3-452A-8AD4-950DAB954601} [2012.11.17 11:26:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.17 11:26:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.17 11:26:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.17 11:26:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.17 11:26:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.17 11:26:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.16 14:35:17 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.16 14:26:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.16 14:13:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8868A5E0-F1D7-42F1-98B6-24F8073FF108} [2012.11.15 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C2624663-A705-4982-AFBB-25BE6585FFBB} [2012.11.14 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{67AF8C00-A5E3-4D9D-A9FE-B9D64C7C3CAC} [2012.11.13 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0D11F6CB-A810-4813-B972-BA8E3A341BE4} [2012.11.12 18:23:29 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.11.12 18:23:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM [2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family [2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Family [2012.11.12 18:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2012.11.12 17:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.12 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.11.12 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0A39610F-F3CA-4880-97C3-3B5D07A96B5E} [2012.11.11 23:00:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3DD1B218-94BD-4116-B1D9-48D8F30853EF} [2012.11.10 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8DFBE69C-3E0C-48CF-909C-25BCF0765882} [2012.11.09 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{B98A27C4-3D17-4346-84A3-D478BF5CA972} [2012.11.08 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C3ED5C37-F433-492A-97B7-91A8177F646E} [2012.11.07 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FormatFactory [2012.11.07 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\Filme [2012.11.07 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FFOutput [2012.11.07 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F7E49BEA-E4C9-4D3B-8DD3-225546950404} [2012.11.06 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{E5458238-46C6-4FE5-9D04-E424257F91BA} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.05 13:35:35 | 000,000,680 | RHS- | M] () -- C:\Users\Denise\ntuser.pol [2012.12.05 13:27:33 | 000,641,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.05 13:27:33 | 000,607,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.05 13:27:33 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.05 13:27:32 | 000,132,646 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.05 13:23:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.05 13:23:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.05 13:22:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.05 00:01:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.04 23:35:36 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\ComboFix.exe [2012.12.04 09:11:36 | 000,659,814 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.11.29 17:38:17 | 101,618,651 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.11.29 15:12:57 | 000,000,512 | ---- | M] () -- C:\Users\Denise\MBR.dat [2012.11.28 15:54:13 | 000,001,738 | ---- | M] () -- C:\Users\Denise\Desktop\CDBurnerXP.lnk [2012.11.27 14:55:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.25 12:34:22 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini [2012.11.23 17:49:30 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.23 17:49:13 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.23 17:49:13 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.23 17:49:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.23 17:49:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.23 16:40:15 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.20 17:52:02 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.11.20 17:52:02 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2012.11.19 18:33:09 | 000,001,206 | ---- | M] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk [2012.11.17 12:04:43 | 000,501,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.12 18:23:29 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2012.11.12 18:23:29 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012.11.12 18:23:29 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2012.11.08 14:02:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.11.07 15:37:39 | 000,078,336 | ---- | M] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.07 09:23:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 06:51:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.07 06:51:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.29 20:49:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.29 20:49:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.29 20:49:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.29 20:49:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.29 20:49:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.29 15:12:57 | 000,000,512 | ---- | C] () -- C:\Users\Denise\MBR.dat [2012.11.28 15:54:13 | 000,001,738 | ---- | C] () -- C:\Users\Denise\Desktop\CDBurnerXP.lnk [2012.11.28 15:54:13 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.11.27 14:55:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.25 23:23:10 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.cat [2012.11.25 23:23:10 | 000,001,455 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.inf [2012.11.25 23:23:09 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.cat [2012.11.25 23:23:09 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.inf [2012.11.25 23:23:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini [2012.11.20 17:49:08 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.11.20 17:49:08 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2012.11.20 17:49:06 | 000,001,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk [2012.11.19 18:33:09 | 000,001,206 | ---- | C] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk [2012.11.12 18:23:29 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012.11.12 18:23:29 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.11.06 09:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{71897A78-F9E8-4B86-8741-8A13688EB115} [2011.02.16 15:56:19 | 000,042,747 | ---- | C] () -- C:\Users\Denise\Scannen0001.jpg [2010.12.11 14:04:17 | 000,004,096 | -H-- | C] () -- C:\Users\Denise\AppData\Local\keyfile3.drm [2010.11.17 21:39:16 | 001,734,144 | ---- | C] () -- C:\Users\Denise\SK_Fasching.pps [2010.10.19 18:13:22 | 000,000,552 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d8caps.dat [2010.09.12 14:19:57 | 124,354,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 2.mp3 [2010.09.12 14:19:47 | 104,674,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 1.mp3 [2010.09.12 14:19:45 | 023,226,240 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Zugabe.mp3 [2010.08.05 16:32:49 | 000,145,697 | -H-- | C] () -- C:\Users\Denise\Cache.mxc3 [2009.12.12 23:38:48 | 000,024,375 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\mdbu.bin [2009.09.30 16:27:31 | 001,290,240 | ---- | C] () -- C:\Users\Denise\Zuma.exe [2009.09.03 23:26:31 | 000,000,051 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\AVSMediaPlayer.m3u [2009.01.13 16:09:50 | 000,000,680 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d9caps.dat [2009.01.06 15:15:34 | 000,693,765 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.exe [2009.01.06 15:15:34 | 000,013,615 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.dat [2008.03.03 20:11:18 | 000,000,094 | ---- | C] () -- C:\Users\Denise\AppData\Local\fusioncache.dat [2008.01.11 22:47:39 | 000,000,680 | RHS- | C] () -- C:\Users\Denise\ntuser.pol [2007.11.14 11:41:24 | 000,256,000 | ---- | C] () -- C:\Users\Denise\DieFrau.pps [2007.11.03 18:51:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.10.04 10:23:12 | 000,078,336 | ---- | C] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.12 08:33:49 | 000,007,458 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 889 bytes -> C:\Users\Denise\Documents\AW_ Ersatzteilbestellung Kundennr_ 13820973.eml:OECustomProperty @Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Robert mail wkw.eml:OECustomProperty @Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Email von Robert.eml:OECustomProperty @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A8A3140 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4F8BECB9 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6BF0805F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:25249477 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.12.2012 13:40:06 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denise\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,08% Memory free
4,21 Gb Paging File | 2,91 Gb Available in Paging File | 69,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 39,52 Gb Free Space | 33,21% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,71% Space Free | Partition Type: FAT32
Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19080638-8C48-47BD-87C1-9EF02369AD25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{704EFA8B-BE03-4760-904B-6D4A4714D187}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C058F94E-17F9-4522-B98C-8AB43C6E36C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C8CD4EF4-DC0A-4BBE-95FD-9F3A1A244D80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE7EE7DF-391D-4DC8-B23B-12C642359BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E14A8239-3D3F-49AF-8AA9-2040F13E3B93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E8A1D415-5B49-4DE7-9C9C-C912CD263B1C}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BEAB8D-9F8D-4FFD-841B-E479554CC438}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{075016DB-4E8F-4F4F-B0DB-F69F0FC6E047}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1CD78567-1F75-495D-B99B-140E7BC26801}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{2CB38845-212D-40F7-A8A3-997011EEB275}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{31AAA460-ED14-485B-B7AB-1CAA18F52040}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3D19BC9F-2CAF-4FA7-8C31-0C259062218E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3D74EECD-B8D7-4AAE-B6CC-B3A4C3C3B102}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{4736BDE5-5862-4725-996B-E47F86BA5C04}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4B3999FA-24F8-4EE8-A054-9867D9D1A8F9}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{4E836FA6-7802-499B-ACEC-57F9E67B07E3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52C89931-E481-4AF1-A8FA-F9D3D0383088}" = protocol=6 | dir=out | app=system |
"{5EEAF428-8CBE-4515-AC6F-182F58FBB2B1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{6226A2A8-D83C-45B6-9EED-AE2CD4F16D21}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{67CFF8B0-3C97-48E9-8D36-CDFE9E0E938C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7201CBB8-9E1B-4EF9-B5AF-4CAA67628D7D}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{8F9C88B3-A655-48C0-8564-70D16DA28252}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{91FDC911-DF89-40FD-B98B-C4206C85E909}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{972FF6A0-34A5-43DF-929B-80F4329E0642}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe |
"{A28800CC-3053-4DF3-BB82-728B763B2AAE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AF0472B4-163F-4B10-8FFF-D9DEEF0377FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFFB9506-5687-4E51-A3FC-90D37251245D}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{BED0DD59-F9FC-4179-97AC-CBE1FD6905DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C5DDC2B1-7689-4CCA-9DD7-958E7651ACE6}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{CC11E569-E948-4540-83EE-093ADACAF20F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{E2848AEB-4345-405C-A167-A7F8B3A0585D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E33B09A0-E877-481B-B835-0F30F07F1D53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E3B843D3-A2B2-4801-A0EE-F2CC1BE5EC84}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E563006E-D037-467F-B771-F1DCF3FE07D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EE40C132-9B48-4C2A-B8F1-E128FF8F2ED7}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe |
"{F467C94C-1E10-4587-BD96-9ED418DF3BCF}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{F5A94E66-E3DE-4DFE-B3DC-5E4E556B0DDB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"TCP Query User{0721EEA2-0D77-4969-82B1-B5E02BBD6494}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C472579B-CEB4-434A-8259-2248988F2CF0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{DA227161-D47A-46BB-AAC4-E5C3B5C6D47E}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe |
"TCP Query User{E87C4FFF-BAF6-448F-BC7F-765F24EFDCE4}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"TCP Query User{FC585045-91B0-4175-8FF4-2391E32B2EB2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{65002842-FC7E-4CBE-9755-E432834A7319}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70B41F12-C46A-457E-86F5-05C798B066CE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7799B9E6-A47A-4001-B64B-05F4F03B34A7}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe |
"UDP Query User{A6D0F184-A149-4C1D-B83A-885E3F452796}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{D0D8F64F-5A38-4E25-91EB-AA40D629F4ED}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{14897D5B-E7A5-43C6-AFC4-95C24A0194FF}_is1" = concept/design Hit-Recorder 3
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61727820-9C0B-42A3-BF08-831A62E466A4}" = Schreiben und Tippen lernen mit der Anlauttabelle
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D9B4C6B-7879-477A-B5EE-7DF068B91F34}" = PdfGrabber 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3579F43-021F-43D2-A392-C0CAAE2A89DA}" = WinLernen Körpernetze
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG" = AVG 2012
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Vergessene Laender - Erste Siedler" = Vergessene Länder: Erste Siedler ™
"CCleaner" = CCleaner
"Chronicles of Mystery/DE-German_is1" = Das Vermächtnis: Testament of Sin
"ClearProg" = ClearProg 1.5.0 Final
"Committed – Das Geheimnis von Shady Pines_is1" = Committed – Das Geheimnis von Shady Pines
"DWG TrueView 2010" = DWG TrueView 2010
"FileZilla Client" = FileZilla Client 3.3.5
"FormatFactory" = FormatFactory 2.90
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"NSM" = Norton Family
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Tobit ClipInc Server" = WDR RadioRecorder
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2012 13:31:28 | Computer Name = Denise-JürgenPC | Source = Application Hang | ID = 1002
Description = Programm FirewallControlPanel.exe, Version 6.0.6001.18000 arbeitet
nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf
im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1018 Anfangszeit: 01cdcfe9646e9d01 Zeitpunkt
der Beendigung: 31
Error - 03.12.2012 08:30:44 | Computer Name = Denise-JürgenPC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 9a0 Anfangszeit: 01cdd1510597c3ea Zeitpunkt
der Beendigung: 31
Error - 03.12.2012 17:33:37 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description =
Error - 03.12.2012 17:33:37 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description =
Error - 03.12.2012 18:19:52 | Computer Name = Denise-JürgenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_5_502_110.exe, Version
11.5.502.110, Zeitstempel 0x508de12c, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x738e4618, Prozess-ID
0x1480, Anwendungsstartzeit 01cdd1a44f5fae55.
Error - 03.12.2012 18:20:10 | Computer Name = Denise-JürgenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_5_502_110.exe, Version
11.5.502.110, Zeitstempel 0x508de12c, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x738e4618, Prozess-ID
0xff4, Anwendungsstartzeit 01cdd1a45b565565.
Error - 03.12.2012 18:20:25 | Computer Name = Denise-JürgenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_5_502_110.exe, Version
11.5.502.110, Zeitstempel 0x508de12c, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x738e4618, Prozess-ID
0x1594, Anwendungsstartzeit 01cdd1a464379685.
Error - 03.12.2012 18:45:23 | Computer Name = Denise-JürgenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_5_502_110.exe, Version
11.5.502.110, Zeitstempel 0x508de12c, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x738e4618, Prozess-ID
0x7d0, Anwendungsstartzeit 01cdd1a7e1229fc5.
Error - 03.12.2012 18:49:40 | Computer Name = Denise-JürgenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_5_502_110.exe, Version
11.5.502.110, Zeitstempel 0x508de12c, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x738e4618, Prozess-ID
0xcb0, Anwendungsstartzeit 01cdd1a87a097245.
Error - 04.12.2012 10:20:00 | Computer Name = Denise-JürgenPC | Source = EventSystem | ID = 4609
Description =
[ Media Center Events ]
Error - 17.04.2008 17:49:12 | Computer Name = Denise-JürgenPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ System Events ]
Error - 17.11.2012 06:28:39 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 17.11.2012 06:35:55 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 20.11.2012 15:13:23 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
Error - 29.11.2012 09:36:29 | Computer Name = Denise-JürgenPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.11.2012 um 14:22:52 unerwartet heruntergefahren.
Error - 29.11.2012 16:25:57 | Computer Name = Denise-JürgenPC | Source = Dhcpv6 | ID = 1008
Description = Die Netzwerkschnittstelle, die mit diesem System verbunden ist, konnte
nicht initialisiert werden. Fehlercode: %%5.
Error - 04.12.2012 10:19:49 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
Error - 04.12.2012 10:20:00 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
Error - 04.12.2012 10:20:01 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
Error - 04.12.2012 10:20:05 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
Error - 04.12.2012 18:37:04 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
05.12.2012, 14:25
| #52 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall wird immer wieder unbemerkt deaktiviert Die Logs sind völlig unauffällig und es gibt nichts zu fixen Mag sein, dass man bei einer Bereinigung die Schädlinge super entfernt hat, aber nicht nach jeder Bereinigung ist auch garantiert, dass das System wieder 1a läuft Versuch ein InplaceUpgrade von Windows zB bei drwindows beschrieben in diesem Artikel => Vista Reparaturinstallation: Vista Inplace Upgrade
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows Firewall wird immer wieder unbemerkt deaktiviert |
| avg, bereits, dateien, deaktiviert, defender, firewall, freigabe, gefunde, helfer, helferteam, immer wieder, infiziertes, inter, interne, internet, malwarebytes, nichts, objekt, problem, schließe, schonmal, security, unbemerkt, windows, windows firewall, überhaupt |
Linear-Darstellung
