|
Log-Analyse und Auswertung: Desktop starkes schwarzes flackern/ Anzeige grobpixeligWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.01.2013, 21:06 | #1 |
| Desktop starkes schwarzes flackern/ Anzeige grobpixelig Hallo! Schön das es euch gibt, seit dem 21.01.13 habe ich plötzlich massive Probleme und hoffe ihr könnt mir weiterhelfen: Beim Starten des Laptops erscheint das Windowszeichen stark verschwommen, der Hintergrund ist grün und die Darstellung grobpixelig. Entweder ist der Desktop dann kontinuierlich schwarz oder flackert (besonders stark bei Anwendungen), so dass Eingaben kaum möglich sind. Ich hatte in einem Thread (desktop schwarz...) mit ähnlichem Problem gelesen, dass man nicht bei softronic downloaden sollte. Nun ist mir das mal vor einiger Zeit passiert und die daraus entstandenen Probleme hatte ich dann laienhaft beseitigt. Hier die nötigen Logfiles: Code:
ATTFilter OTL logfile created on: 24.01.2013 19:34:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\effibe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,48 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 89,02% Memory free 10,95 Gb Paging File | 10,37 Gb Available in Paging File | 94,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 674,00 Gb Total Space | 613,59 Gb Free Space | 91,04% Space Free | Partition Type: NTFS Drive D: | 20,48 Gb Total Space | 2,19 Gb Free Space | 10,69% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,26% Space Free | Partition Type: FAT32 Computer Name: PAVILION | User Name: effibe | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.24 19:06:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\effibe\Desktop\OTL.exe PRC - [2013.01.24 19:04:42 | 000,050,477 | ---- | M] () -- C:\Users\effibe\Desktop\Defogger.exe ========== Modules (No Company Name) ========== MOD - [2013.01.24 19:04:42 | 000,050,477 | ---- | M] () -- C:\Users\effibe\Desktop\Defogger.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.09.29 03:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.09.28 06:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.01.23 11:16:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 23:58:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.11 23:21:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 23:20:56 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.01 14:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.07.20 11:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011.06.29 02:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.05.27 20:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 23:21:43 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 23:21:42 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.29 08:49:54 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2012.11.29 08:49:54 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2012.11.29 08:49:54 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2012.11.29 08:49:54 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.11.29 08:49:54 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2012.11.29 08:49:54 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.15 06:37:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.15 06:37:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.29 03:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.29 02:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.18 13:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.07.19 01:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2011.06.17 12:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.06.17 12:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.05.31 01:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.05.27 20:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.03.30 23:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.01.27 06:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp IE - HKCU\..\SearchScopes,DefaultScope = {8E7FF665-5074-4BF1-83AD-4F7D23E26D08} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{7D2E91C7-1E68-4EA9-8060-3FEFB751789F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=2DF37638-A874-4870-9D03-6EEBA6C193C2&apn_sauid=81831F55-9278-4804-8F93-83C7B683FD96 IE - HKCU\..\SearchScopes\{8E7FF665-5074-4BF1-83AD-4F7D23E26D08}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{9B68D28D-1993-45A7-BB4C-F3C81595042B}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=495 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{C87395B5-70D9-4E25-AB1F-FF23936613EF}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 11:16:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.23 11:16:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 11:16:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.23 11:16:51 | 000,000,000 | ---D | M] [2012.07.11 22:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\effibe\AppData\Roaming\mozilla\Extensions [2013.01.23 20:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\effibe\AppData\Roaming\mozilla\Firefox\Profiles\8d1lq8a9.default\extensions [2013.01.23 20:06:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\effibe\AppData\Roaming\mozilla\Firefox\Profiles\8d1lq8a9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.08.08 11:36:07 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\effibe\AppData\Roaming\mozilla\Firefox\Profiles\8d1lq8a9.default\extensions\ffxtlbra@softonic.com [2013.01.07 18:57:54 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\effibe\AppData\Roaming\mozilla\firefox\profiles\8d1lq8a9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.29 15:31:09 | 000,002,558 | ---- | M] () -- C:\Users\effibe\AppData\Roaming\mozilla\firefox\profiles\8d1lq8a9.default\searchplugins\aol-search.xml [2012.08.08 09:54:53 | 000,001,794 | ---- | M] () -- C:\Users\effibe\AppData\Roaming\mozilla\firefox\profiles\8d1lq8a9.default\searchplugins\google-language-de.xml [2012.08.08 11:24:03 | 000,002,062 | ---- | M] () -- C:\Users\effibe\AppData\Roaming\mozilla\firefox\profiles\8d1lq8a9.default\searchplugins\softonic.xml [2013.01.23 11:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.23 11:16:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 21:47:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29673E42-6DFE-45AC-9D7C-6AC58760CBD7}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC9A93A-362A-471B-8FE7-79CCF91F559D}: DhcpNameServer = 40.20.1.201 40.20.1.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A18E449-304A-433B-8842-BF6D085A7256}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6089F5EF-4C99-49D8-BF0A-121B928651F9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAC86BC-A79F-4FC6-A9F0-E6CB09F1BDE3}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{8619ba5f-39f8-11e2-adca-ec9a744cbd02}\Shell - "" = AutoRun O33 - MountPoints2\{8619ba5f-39f8-11e2-adca-ec9a744cbd02}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8619ba78-39f8-11e2-adca-ec9a744cbd02}\Shell - "" = AutoRun O33 - MountPoints2\{8619ba78-39f8-11e2-adca-ec9a744cbd02}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{d6454d14-39f9-11e2-9fb9-ec9a744cbd02}\Shell - "" = AutoRun O33 - MountPoints2\{d6454d14-39f9-11e2-9fb9-ec9a744cbd02}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{de555148-3d1f-11e2-adfc-ec9a744cbd02}\Shell - "" = AutoRun O33 - MountPoints2\{de555148-3d1f-11e2-adfc-ec9a744cbd02}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 19:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\effibe\Desktop\OTL.exe [2013.01.24 14:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics [2013.01.24 02:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2013.01.24 01:06:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs [2013.01.23 11:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.07 10:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} ========== Files - Modified Within 30 Days ========== [2013.01.24 19:29:58 | 000,365,568 | ---- | M] () -- C:\Users\effibe\Desktop\gmer-2.0.18444.exe [2013.01.24 19:11:45 | 000,000,000 | ---- | M] () -- C:\Users\effibe\defogger_reenable [2013.01.24 19:10:08 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.24 19:10:08 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.24 19:10:08 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.24 19:10:08 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.24 19:10:08 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.24 19:06:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\effibe\Desktop\OTL.exe [2013.01.24 19:04:42 | 000,050,477 | ---- | M] () -- C:\Users\effibe\Desktop\Defogger.exe [2013.01.24 18:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 18:41:03 | 116,449,279 | -HS- | M] () -- C:\hiberfil.sys [2013.01.24 17:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.24 17:56:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 17:56:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.10 17:45:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.10 03:30:39 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 03:13:16 | 001,591,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.08 08:41:10 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForeffibe.job [2013.01.07 10:50:49 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk ========== Files Created - No Company Name ========== [2013.01.24 19:29:56 | 000,365,568 | ---- | C] () -- C:\Users\effibe\Desktop\gmer-2.0.18444.exe [2013.01.24 19:11:45 | 000,000,000 | ---- | C] () -- C:\Users\effibe\defogger_reenable [2013.01.24 19:04:41 | 000,050,477 | ---- | C] () -- C:\Users\effibe\Desktop\Defogger.exe [2013.01.10 17:45:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.07 10:50:49 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012.07.28 09:14:20 | 000,000,032 | ---- | C] () -- C:\Users\effibe\.simfy [2011.12.17 00:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.17 00:54:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.12.17 00:49:38 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.17 00:39:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.10.14 21:23:20 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.09.28 06:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.09.06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011.03.18 10:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.12.20 11:25:04 | 000,292,177 | ---- | C] () -- C:\Users\effibe\ASK Remover.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\Artweaver Free [2012.07.29 15:26:14 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\OpenCandy [2012.07.28 09:14:20 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\Simfy [2013.01.22 18:13:08 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\SoftGrid Client [2012.05.31 20:58:56 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\Synaptics [2012.06.02 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\TP [2012.07.11 21:38:44 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\Windows Live Writer [2012.09.13 05:47:52 | 000,000,000 | ---D | M] -- C:\Users\effibe\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 19:34:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\effibe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,48 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 89,02% Memory free 10,95 Gb Paging File | 10,37 Gb Available in Paging File | 94,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 674,00 Gb Total Space | 613,59 Gb Free Space | 91,04% Space Free | Partition Type: NTFS Drive D: | 20,48 Gb Total Space | 2,19 Gb Free Space | 10,69% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,26% Space Free | Partition Type: FAT32 Computer Name: PAVILION | User Name: effibe | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0781104C-2951-4241-9216-EB4399EDDFFA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{13C9A212-2009-49C3-B204-3284F3650659}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{16CC1F69-D1D1-4461-AB2B-A9E30860520C}" = rport=137 | protocol=17 | dir=out | app=system | "{24C02D29-A363-4C1B-A0B4-4EE3341153C0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{32601DF3-E1B3-4DFD-B55B-186909A470E8}" = lport=137 | protocol=17 | dir=in | app=system | "{3A0A207B-6F50-4FB4-9248-2F5BE2086292}" = lport=138 | protocol=17 | dir=in | app=system | "{3DE6143F-A6B9-45FE-A2B7-9CD7F4250804}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{456D4B7D-B3BA-4B5A-945E-EEA80DF06E81}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4B23781D-31BC-49D1-B975-1976AFAD8C6C}" = rport=138 | protocol=17 | dir=out | app=system | "{4E2333BB-EA46-47CF-970A-7361A3429169}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50CA8323-A57A-4C64-A5FD-249FDE4C7962}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5BCAC8CA-7E59-4222-B26A-9F384E5021A2}" = lport=2869 | protocol=6 | dir=in | app=system | "{665C1B9F-D5A3-4980-B899-D960E1CD5E93}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7A7C4AC1-2AE5-4D34-8AA7-87F866D68A14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7E3A3163-B363-4747-8557-5C88DF983D5B}" = rport=445 | protocol=6 | dir=out | app=system | "{93BC6366-AAD7-4556-A366-5D210DD6AB92}" = lport=139 | protocol=6 | dir=in | app=system | "{9C25F947-DCE0-45D6-8829-54A0A130EBBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9D99B81A-FFFA-4EB5-BCC6-0467F7581566}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A5A83674-5294-4D4C-99F8-8EC80D7566B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B182B955-A9AF-4C72-AC9C-35D063471EB0}" = rport=139 | protocol=6 | dir=out | app=system | "{B293B6B0-38F7-4759-8DE4-BB6E4E2239A1}" = rport=10243 | protocol=6 | dir=out | app=system | "{B2F5C7F5-1ACC-4C05-A721-D7FA4DC1B980}" = lport=445 | protocol=6 | dir=in | app=system | "{C0BBC9C1-51C5-4E16-B32F-059C9149E2CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5BEF3D8-D3C8-4F6D-BAEE-38E80B72CA12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5E727F7-5F4B-4534-99ED-E59CCD1A0DBF}" = lport=10243 | protocol=6 | dir=in | app=system | "{C8161D74-44FE-46C7-BB40-A8D123DC4985}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D355CCDC-96CB-488B-AE1D-2422C9048C0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EAE192CA-4575-489E-AB91-6A97283B0D14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F184856B-2D73-4081-A821-F0351D1D1FED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE37BAAD-CAD7-4DA3-BB35-AB3FF87316C4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FE53FDD1-A008-4728-A460-88CE28AF4DD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17814D93-4463-4D25-B6C9-CB6D0BC3E449}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | "{1D21DBCB-3AAD-4021-84FA-50369EFBA295}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D642E3C-49EC-4D17-9734-4A8090701D82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2D741994-439C-4FF5-95E2-4E3720F43995}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{37F344C5-844E-41E2-8F7C-E7F831466AE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3D015496-ECED-4B9B-B104-5D9434DEFF1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{403FD9A4-EFD0-4A28-958D-A5CA6356DB80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51235716-0577-4764-A7B4-3BDD221E8538}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{621C2173-AD3C-4922-B7BC-A20411CAD281}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{62CB9137-117F-4FE0-A947-27320121D75A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{64418005-9B93-4082-B9E9-5723B9F6557B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6876272F-6EDF-427C-9C27-7CDB3E468BCD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6FD66C2E-CC2C-46DC-A517-44B0F5F2B670}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{72D36D14-AB82-40F4-97F7-C3F76AEB99B9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B0CB35-242E-4D0D-A894-FB529577B6C1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{97F2EB8D-782B-43BD-9EC7-F6F39AC4E7E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{984E48E2-47BE-4817-B349-8BA94809D3D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A225A52F-3CB1-4A93-A064-0D764B472A17}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{AAAFD814-665C-47D3-B734-AAF6F1EE626B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AB1C2D7A-5886-4F8A-B4BB-510C490525D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B18C0276-ECA0-49C1-9086-EC41A2D8D36A}" = protocol=6 | dir=out | app=system | "{B92DD671-7396-42C8-BED9-0F9A92C2C453}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{C369594E-6B7A-4E85-AF5D-5631C3B58011}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CABEA439-16AE-40A6-BD74-159DBA2152ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5136938-9C1C-4D49-AFEF-A4B47D93832E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D5FC896D-7AEB-4B39-A501-40B484DC2458}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DEB079DF-9CC0-47F8-A0B1-EC1399E83EBE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4BD1147-5EC5-413D-BDB1-036BC069B169}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F459A54D-9A9F-4592-BDB7-1DBBE3B41CC3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F5837E98-ECAC-421A-8046-17412049A08E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "TCP Query User{258C4DF1-30F4-4784-9CEA-1F56105FD21C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{A2913D23-3A31-4732-BEC8-B4010D7242B3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel "{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager "{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box "{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French "{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch "{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian "{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish "{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech "{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb "{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding "{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish "{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian "{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Mobile Partner" = Mobile Partner "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SoftwareUpdUtility" = Download Updater (AOL Inc.) "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinLiveSuite" = Windows Live Essentials "WTA-03ea59ed-d1f7-487a-ad67-ca4e5cefde34" = Jewel Quest Solitaire 2 "WTA-054c99d8-267a-47f8-ad19-9355ed305c6d" = Cradle of Rome 2 "WTA-1053453e-3de3-477f-86f7-1fc48a185bd7" = Final Drive Fury "WTA-191d3e53-2bb8-43d2-a954-1ac603067231" = Jewel Quest II "WTA-223bf5e8-82a4-4660-af59-77a628abe1da" = Polar Bowler "WTA-26b51dfa-2327-4d40-9be2-8b9434fa0e18" = Torchlight "WTA-28a8f46f-df81-4021-97f9-6698ec5082de" = Plants vs. Zombies - Game of the Year "WTA-33230af3-e18b-42ae-961b-eae5342395fc" = Fishdom (TM) 2 "WTA-38383acd-722f-46de-8124-d7345a25538f" = Zuma's Revenge "WTA-45102130-68f2-4407-ab82-a19960917da4" = Virtual Families "WTA-4a03492b-9020-4848-9527-f3563b8b7d62" = Mahjongg Artifacts "WTA-56fc6c91-4165-4f7f-b49f-671a9e05d8d8" = Mystery of Mortlake Mansion "WTA-57023b95-bf50-4cdf-8432-bd4d17d12552" = Insaniquarium Deluxe "WTA-57954522-658d-450a-ab79-5a0c31abb374" = FATE "WTA-59631dde-bdbe-41af-8730-3dd6a36ad6a6" = Virtual Villagers 4 - The Tree of Life "WTA-67203543-c742-4316-b4f3-530105f6b2d2" = Farmscapes "WTA-8a1f7a80-e8fd-4a37-9240-a71213dbf8e4" = Bejeweled 3 "WTA-92f7342c-367d-4894-90ff-e616050496bd" = Ranch Rush 2 - Premium Edition "WTA-b6ded335-d79a-4d9b-8ae2-5be58f8cb4a8" = Wedding Dash "WTA-b74f609e-e265-4f25-b67b-d617e4116b70" = Cake Mania "WTA-bf4fb92e-e400-457f-a07f-978e67e3a3e6" = Farm Frenzy "WTA-ccc39dba-9374-4d7b-985f-db5ee844430c" = Jewel Match 3 "WTA-efc54a8c-fe71-4a88-b861-74c41261decc" = Chuzzle Deluxe ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in "Winamp Toolbar" = Winamp Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.01.2013 11:23:51 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = Error - 03.01.2013 09:02:31 | Computer Name = pavilion | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\effibe\Downloads\SoftonicDownloader_fuer_ask-toolbar-remover.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 04.01.2013 12:48:40 | Computer Name = pavilion | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 06.01.2013 13:54:46 | Computer Name = pavilion | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 08.01.2013 03:41:16 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = Error - 09.01.2013 10:48:27 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 09:44:16 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 20:27:36 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 13:16:22 | Computer Name = pavilion | Source = Application Hang | ID = 1002 Description = Programm winamp.exe, Version 5.6.3.3235 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: be0 Startzeit: 01cdef929d7252c6 Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe Berichts-ID: 5fc25c5d-5b86-11e2-ad30-ec9a744cbd02 Error - 12.01.2013 15:19:17 | Computer Name = pavilion | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 19.08.2012 17:24:25 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/d822e408_3345_42e9_94ea_19a945050f24/7sewxjsfjnqteb6adwupsd_k_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: TargetSite: Void UpdateDetail(System.String) Error - 22.08.2012 16:41:06 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/c8270d4f_c4b7_4f43_bdcd_4dcaf1224eff/c2fs8azm6+nx4wyvkcfoh_v0_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 22.08.2012 16:41:07 | Computer Name = pavilion | Source = HPSF.exe | ID = 4000 Description = Error - 02.09.2012 17:11:52 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/8846a614_6eeb_4b27_b2d8_534bf13e9985/l5nnlbuoydnko4u9w_v_vbi0_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: TargetSite: Void UpdateDetail(System.String) Error - 29.10.2012 02:35:55 | Computer Name = pavilion | Source = HPSF.exe | ID = 4000 Description = Error - 03.12.2012 04:14:32 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 10.12.2012 14:53:53 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 16.12.2012 19:34:04 | Computer Name = pavilion | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 5609 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() [ HP Software Framework Events ] Error - 23.06.2012 09:44:53 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.06.23 15:44:53.057|00001008|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 23.06.2012 09:46:09 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.06.23 15:46:09.700|00001290|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 23.06.2012 09:46:13 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.06.23 15:46:13.527|000008C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 30.06.2012 08:50:42 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.06.30 14:50:42.389|000017DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 07.07.2012 18:17:08 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.08 00:17:08.542|00000E64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 21.07.2012 07:56:53 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.21 13:56:53.686|00000DE4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 23.07.2012 10:42:09 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.23 16:42:09.956|00000450|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 23.07.2012 10:43:48 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.23 16:43:48.370|000005D8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 23.07.2012 10:43:52 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.23 16:43:52.189|00001364|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 28.07.2012 08:23:12 | Computer Name = pavilion | Source = CaslWmi | ID = 5 Description = 2012.07.28 14:23:12.703|000013B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.09.2012 21:28:44 | Computer Name = pavilion | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 21.09.2012 13:53:27 | Computer Name = pavilion | Source = bowser | ID = 8003 Description = Error - 06.10.2012 09:46:21 | Computer Name = pavilion | Source = bowser | ID = 8003 Description = < End of report > Nach Scan mit GMER kommt der Hinweis: GMER hasn´t found any system modification. Hoffe das war richtig so und vorab herzlichen Dank für eure Mühe! Oje, jetzt habe ich den ersten Scan vergessen :-( Soll ich den nachträglich durchführen? Geändert von effibe (24.01.2013 um 21:46 Uhr) |
27.01.2013, 20:03 | #2 |
/// Helfer-Team | Desktop starkes schwarzes flackern/ Anzeige grobpixelig1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
26.03.2013, 04:41 | #3 |
/// Helfer-Team | Desktop starkes schwarzes flackern/ Anzeige grobpixelig Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
Themen zu Desktop starkes schwarzes flackern/ Anzeige grobpixelig |
adobe, antivir, autorun, avira, benachrichtigungsdienst, bho, bingbar, desktop, error, failed, fehler, firefox, flash player, format, google, helper, home, index, install.exe, launch, microsoft office starter 2010, mozilla, plug-in, realtek, registry, richtlinie, rundll, scan, security, services.exe, starten, svchost.exe, systemereignisse, udp, verschwommen, wildtangent games |